S1 1845659 FUNCTION OR COMMAND OR REQUEST? ? OR TASK? ? OR JOB? ? OR
   PROCEDURE? ? OR ACTION? ?
S2 248922 S1(5N) (SEND??? OR SENT OR FORWARD? OR TRANSFER???? OR
   CONVEY? OR TRANSMIT? OR TRANSMISSION OR DELIVER? OR COMMUNICAT? OR
   PROVID??? OR REDIRECT? OR DIRECT??? OR DELEGAT? OR RELAY???)
S3 129284 S1(5N) (DOWNLOAD? OR UPLOAD? OR RECEIV??? OR RECEIPT OR
   OBTAIN? OR GET???? OR ACQUIR??? OR ACQUISITION)
S4 57941 S2:S3(5N) (SERVER OR CLIENT OR NODE OR TERMINAL OR PC OR
   COMPUTER OR WORK () STATION OR WORKSTATION OR DEVICE OR UNIT)
S5 699059 ID OR IDENTIFIER? ? OR IDENTIFICATION OR IDENTIFYING OR
   IDENTITY OR ATTRIBUTE? ? OR PROFILE? ? OR AUTHORIZATION OR AUTH-
S8 57777 S5:S6(3N) (PERSON? ? OR INDIVIDUAL? ? OR EMPLOYEE? OR
   MEMBER? ? OR ENTITY OR ENTITIES OR STUDENT? ? OR SOMEONE OR ANYONE
   OR USER? ? OR SUBSCRIBER? ? OR CUSTOMER? ? OR REQUESTOR? ?)

01134233

Filing system which provides increased availability of image data stored
therein
Archivierungssystem das die Verfugbarkeit der darin gespeicherten
Bilderdaten verbessert
Systeme d'archivage destine a ameliorer la disponibilite de donnees d'image
stocke la-dedans

Ricoh Company, Ltd., (209037), 3-6, Nakamagome 1-chome, Ohta-ku, Tokyo
Miyamoto, Masayoshi, 105-4-205 Minesawacho, Hodogaya-ku, Yokohama-shi,
Kanagawa, (JP)
Kakii, Hiroshi, 4-19-1 Higashitoyoda, Hino-shi, Tokyo, (JP)
Yoshikawa, Takashi, 3-23-6-902 Shinyokohama, Kohoku-ku, Yokohama-shi,
Kanagawa, (JP)
Araumi, Yuichi, 2-1-7 Utsukushigaoka, Aoba-ku, Yokohama-shi, Kanagawa,
Schwabe - Sandmair - Marx (100951), Stuntzstrasse 16, 81677 Munchen, (DE)
PATENT (CC, No, Kind, Date): EP 990970 A1 000405 (Basic)
                             EP 990970 B1 020508
APPLICATION (CC, No, Date): EP 99119044 990929;
PRIORITY (CC, No, Date): JP 98279019 980930
EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI
INTERNATIONAL PATENT CLASS: G06F-001/00
CITED PATENTS (EP B): DE 19703970 A; US 5602936 A

ABSTRACT EP 990970 A1

In a filing system, a data processing apparatus is connected to a file 
server via a transmission path. Image data of a document is captured into 
the data processing apparatus. The captured image data is stored onto an
image storage medium. One or a plurality of owner identifications are 
acquired when the image data is captured. The owner identifications are 
correlated with the image data stored on the image storage medium, and 
the stored image data is allowed to be accessed when any of the owner 
identifications correlated with the image data is verified. The image 
data is output in a readable manner by retrieving the stored image data 
of the image storage medium when the access to the image data is allowed. 

ABSTRACT WORD COUNT: 124 

NOTE: 

Figure number on first page: 1 

LEGAL STATUS (Type, Pub Date, Kind, Text):
 Examination: 000809 A1 Date of request for examination: 20000614
 Application: 20000405 A1 Published application with search report
 Oppn None:   030502 B1 No opposition filed: 20030211
 Change:      020116 A1 Designated contracting states changed 20011127
 Examination: 010404 A1 Date of dispatch of the first examination
                        report: 20010215
 Grant:       020508 B1 Granted patent
FULLTEXT AVAILABILITY:
(English) 2035
CLAIMS B (English) 200219 2022
CLAIMS B (German)  200219 1760
CLAIMS B (French)  200219 2215
SPEC A   (English) 200014 13276
SPEC B   (English) 200219
Total word count - document 15313
Total word count

...CLAIMS operator identifications when the image data is captured by the
data capturing unit but any of the owner identifications are not 
acquired, and wherein the access management unit correlates the 
standard user identification with the image data stored by the data 
storing unit, and allows the stored image data to be accessed when 
the standard user identification correlated with the image data is 
verified.

15. The filing system according to claim 1, wherein the authorized user
identifying unit acquires a standard user identification as one
of a plurality of operator identifications when the image data is 
captured by the data capturing unit using a facsimile receiving 
function and any of the owner identifications are not acquired, and 
wherein the access management unit correlates the standard user 
identification with the image data stored by the data storing unit, 
and allows the stored image data to be accessed when the standard 
user identification correlated with the image data is verified. 

16. The filing system according to claim 15, wherein the access 
management unit includes a standard user identification setting 
unit which acquires a standard user identification, the standard user 
identification being predetermined on a display device of a client 
data processing apparatus and... 

...CLAIMS identifications when the image data is captured by the data
capturing unit (101) but any of the owner identifications are not
acquired, and wherein the access management unit (110) correlates 
the standard user identification with the image data stored by the 
data storing unit (104), and allows the stored image data to be 
accessed when the standard user identification correlated with the 
image data is verified. 

15. The filing system according to claim 1, wherein the authorized user
identifying unit (105) acquires a standard user identification
as one of a plurality of operator identifications when the image data 
is captured by the data capturing unit (101) using a facsimile 
receiving function and any of the owner identifications are not 
acquired, and wherein the access management unit (110) correlates 
the standard user identification with the image data stored by 
the data storing unit (104), and allows the stored image data to be 
accessed when the standard user identification correlated with 
the image data is verified. 

16. The filing system according to claim 15, wherein the access 
management unit (110) includes a standard user identification 
setting unit which acquires a standard user identification, the 
standard user identification being predetermined on a display device 

01072668

A system and method for operating scientific instruments over wide area
networks
System und Verfahren zum Betreiben von wissenschaftlichen Instrumenten uber
Grossraumnetzwerke
Systeme et methode pour faire fonctionner des instruments scientifiques sur
des reseaux etendus

PATENT ASSIGNEE:
International Business Machines Corporation, (200120), Old Orchard Road,
Armonk, N.Y. 10504, (US), (Applicant designated States: all)
Property Department, Hursley Park, Winchester, Hampshire SO21 2JN, (GB)
PATENT (CC, No, Kind, Date): EP 943992 A2 990922 (Basic)
APPLICATION (CC, No, Date): EP 99301594 990303;
INTERNATIONAL PATENT CLASS: G06F-009/46

ABSTRACT EP 943992 A2

A method, apparatus, and article of manufacture for operating remote 
devices over wide area networks such as the Internet. The system includes 
client computers for interacting with users to accept commands and 
display results, a proxy server computer for performing intermediate 
processing of commands and results, and a device server computer coupled 
to the remote device that executes the commands and generates the 
results.

ABSTRACT WORD COUNT: 65 

NOTE: 

Figure number on first page: 1 

LEGAL STATUS (Type, Pub Date, Kind, Text): 

Application: 990922 A2 Published application without search report 

LANGUAGE (Publication, Procedural, Application): English; English; English
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS A (English) 9938 1137 

SPEC A (English) 9938 4382 
Total word count - document A 5519 
Total word count - document B 0 
Total word count - documents A + B 5519 

INTERNATIONAL PATENT CLASS: G06F-009/46 

...CLAIMS user to specify one or more parameters for the remote device.

9. The system of claim 1, wherein the client computers, proxy server
computer, and device server computer each execute a command
processor that facilitates the transmission of commands from the 
client computers to the remote device and results from the remote 
device to the client computers. 

10. The system of claim 1, wherein the proxy server computer includes a 
user manager for managing a collection of users and access 
permissions for the commands. 

11. The system of claim 10, wherein the user manager includes an 
access control list for each command and the user manager grants 
and denies permission to execute the issued commands in accordance 
with the access control list. 

12. ...

Server and client
Server und Klient
Serveur et client

PATENT ASSIGNEE:
MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD., (216882), 1006, Kadoma,
Kadoma-shi, Osaka-fu 571, (JP), (Proprietor designated states: all)
INVENTOR:
Ohnishi, Tatsuya, 281-5, Kawahara, Aza, Sasabe, Kawanishi-shi, Hyougo
66-01, (JP)
Mnuma, Chinatsu, c/o Dohsaka, 1426-3-802, Higashifutami, Futami-cho
Akashi-shi Hyogo-ken 674-0092, (JP)
LEGAL REPRESENTATIVE:
Ahmad, Sheikh Shakeel et al (85131), David Keltie Associates Fleet Place
House 2 Fleet Place, London EC4M 7ET, (GB)
EP 918283 A3 990721
EP 918283 B1 030219
RELATED PARENT NUMBER(S) - PN (AN):
EP 601860 (EP 93309919)
INTERNATIONAL PATENT CLASS: G06F-009/46; G06F-003/12; H04L-029/06
CITED PATENTS (EP B): EP 479660 A; WO 89/03086 A; US 5128878 A; US 5220674 A

ABSTRACT EP 918283 A2

The present invention provides a server capable of providing a system 
in which a client can be reconnected from one server to another to use any
output unit in the system without any prior knowledge thereof. The server 
can select an output unit to which the job request should be sent by 
referring to correspondence information held therein when the server 
receives a job request that specifies neither a type of an output unit 
nor a data format. Also, the server can select an available output unit 
for data-output in an adequate data format when it receives output data 
alone. Further, the server can assign a certain output unit to job
requests of the same kind sent from the same client, manage the accesses 
to the output units, distribute output loading according to an output 
queue to the server, and select the most appropriate server as per 
condition set by a user. As well, the server can easily provide the 
information of the output units to a client by managing the information 
when the client or an output unit is connected to the server. 

ABSTRACT WORD COUNT: 185

NOTE:

Figure number on first page: NONE

LEGAL STATUS (Type, Pub Date, Kind, Text):
 Examination:   001206 A2 Date of dispatch of the first examination
                          report: 20001020
 Application:   990526 A2 Published application (A1 with Search Report;
                          A2 without Search Report)
 Grant:         030219 B1 Granted patent
 Change:        020313 A2 International Patent Classification changed
                          20020122
 Change:        030129 A2 Inventor information changed: 20021206
 Examination:   990526 A2 Date of filing of request for examination:
                          990302
 Search Report: 990721 A3 Separate publication of the European or
                          International search report
 Change:        990721 A2 Obligatory supplementary classification
                          (change)
 Change:        991006 A2 Inventor information changed: 19990819

LANGUAGE (Publication, Procedural, Application): English; English; English
FULLTEXT AVAILABILITY:

Available Text  Language   Update  Word Count
CLAIMS A        (English)  199921  900
CLAIMS B        (English)  200308  903
CLAIMS B        (German)   200308  870
CLAIMS B        (French)   200308  1155
SPEC A          (English)  199921  26992
SPEC B          (English)  200308  19107
Total word count - document A        27896
Total word count - document B        22035
Total word count - documents A + B   49931

INTERNATIONAL PATENT CLASS: G06F-009/46 



The include an access authorization table for indicating whether an
access to each output unit is authorized or not in relation with each
client, an access-authorization-identifier extracting unit for
extracting an identifier specifying an access authorization from the job
request from the job-request-sender-client by judging whether or
not the job request from the client includes the
access-authorization-specifying-identifier, and an accessible output unit
detecting unit for detecting an accessible output unit which is placed
under a control of the readout data-output control instruction by
referring to the access authorization table with the
access-authorization-specifying-identifier included in the job request.

The identifier specifying the access authorization may be selected from
a group...

...SPECIFICATION selecting means may include an access authorization table
for indicating whether an access to each output unit is authorized or not
in relation with each client, an access-authorization-identifier
extracting unit for extracting an identifier specifying an access
authorization from the job request from the job-request-sender-client
by judging whether or not the job request from the client
includes the access-authorization-specifying-identifier, and an
accessible output unit detecting unit for detecting an accessible output
unit which is placed under a control of the readout data-output control
instruction by referring to the access authorization table with the
access-authorization-specifying-identifier included in the job request.

The identifier specifying the access authorization may be selected from
a group...

...CLAIMS 46) further comprises:

an access authorization table (48) for indicating whether an access to
each output unit is authorized or not in relation with each client;

an access-authorization-identifier extracting unit (47) for
extracting an identifier specifying an access authorization from said
job request from said job-request-sender-client by judging
whether or not said job request from said client includes said
access-authorization-specifying-identifier; and

an accessible output unit detecting unit for detecting an accessible
output unit which is placed under a control of said readout
data-output control instruction by referring to said access
authorization table with said
access-authorization-specifying-identifier included in said job
request.

9. A server of Claim 2, wherein
said identifier specifying said access...

...CLAIMS 46) further comprises:

an access authorization table (48) for indicating whether an access to
each output unit is authorized or not in relation with each client;

an access-authorization-identifier extracting unit (47) for
extracting an identifier specifying an access authorization from said
job request from said job-request-sender-client by judging
whether or not said job request from said client includes said
access-authorization-specifying-identifier; and

an accessible output unit detecting unit for detecting an accessible
output unit which is placed under a control of said readout
data-output control instruction by referring to said access
authorization table with said
access-authorization-specifying-identifier included in said job
request.

9. A server of Claim 8, wherein
said identifier specifying said access...

Method of and apparatus for providing a client/server architecture.
Verfahren und Anordnung zur Bereitstellung einer Klient-Server-Architektur.
Procede et dispositif pour produire une architecture du type
"client-server".

PATENT ASSIGNEE: 

INTERNATIONAL BUSINESS MACHINES CORPORATION, (200125), Old Orchard Road, 
Armonk, N.Y. 10504, (US), (applicant designated states: DE;FR;GB) 
INVENTOR: 

Shriver, David I., 2702 Ansley Court, Euless, TX 76039, (US) 
LEGAL REPRESENTATIVE: 

de Pena, Alain (15151), Compagnie IBM France Departement de Propriete 
Intellectuelle, F-06610 La Gaude, (FR) 
PATENT (CC, No, Kind, Date): EP 598673 A1 940525 (Basic)
APPLICATION (CC, No, Date): EP 93480164 931019;
PRIORITY (CC, No, Date): US 978647 921119
DESIGNATED STATES: DE; FR; GB 
INTERNATIONAL PATENT CLASS: G06F-009/46 

ABSTRACT EP 598673 A1

An improved client/server architecture in which a server runs as part
of the client's task, subtask or process when processing a request for a 
client. The present invention causes the server, while still appearing 
logically and functionally the same to the client, to temporarily run as 
an extension of the client, while the server is servicing a request for 
the client. This may be accomplished by preserving the state of the 
server (by saving the registers and critical storage pointers) at the 
point that the server is ready to accept a new work request. This state 
information for the server may be accessed and used later by the client 
to transfer control to the server code, to resume the server's operation. 
The client's request may then be passed as arguments (parameters) on the 
call. Unlike message passing, this does not necessarily involve data 
transfer, as only the address of the request data may be passed. (see
image in original document)

ABSTRACT WORD COUNT: 164 

LEGAL STATUS (Type, Pub Date, Kind, Text):
 Application: 940525 A1 Published application (A1 with Search Report;
                        A2 without Search Report)
 Examination: 941123 A1 Date of filing of request for examination:
 Withdrawal:  961030 A1 Date on which the European patent application

...SPECIFICATION the further advantage of providing an improved
client/server architecture.

The present invention has the further advantage of providing a more
efficient method of client/server operation as there is reduced task
switching and inter-process communication involved. A more efficient
direct program to program transfer of control with parameter passing as
arguments results in a shorter code path length and less...
...invention has the further advantage of providing improved security as
the server, when it is running as part of the client tasks, inherits the
same authority as the client. This assumes that security
authorization for access to resources is managed on a client by
client (or task by task) basis.

The present invention has the further advantage of simplifying and
reducing system accounting overhead as...

An improved security system is disclosed which uses especially an IC
card to enhance the security functions involving component
authentication, user verification, user authorization and access control,
protection of message secrecy and integrity, management of cryptographic
keys, and auditability. Both the security method and the apparatus for
embodying these functions across a total system or network using a common
cryptographic architecture are disclosed. Authorization to perform these
functions in the various security component device nodes in the network
can be distributed to the various nodes at which they will be executed in
order to personalize the use of the components.

...SPECIFICATION the manufacture of the IC card. Required conditions for
the execution of each command are individually programmable by the
application owner, using command configuration data. Access to a
command is controlled by the content of a user's authorization profile
in conjunction with the command configuration data for the requested
command.

The user profiles may be downloaded into other security devices in
the system for the purpose of controlling use of commands, files, and
programs in system component devices, in addition to the IC card itself.
The downloaded profile temporarily replaces the authorization profile
already active in the other device.

The device command configuration data is not downloaded. The
downloaded user authorization profile defines the user's
security level and authorizations, while the device command
configuration data defines the authorization required by that device to
execute a requested command in that device. The same or different
commands in other devices to which the user's authorization profile
is transferred may have greater or lesser security requirements defined in
their command configurations.

The cryptographic keys associated with file and program authorization
flag bits...

ABSTRACT EP 262859 A1

This adjunct processor arrangement performs a centralized call 
screening function to provide computer port access security. Every call 
origination in the telephone switching system from a calling party (T100) 
to a protected computer port (130) is interdicted by the telephone 
switching system and routed to the adjunct processor (104). The calling 
party (T100) receives a series of prompts from the adjunct processor 
(104) to provide identification information, such as login, password, and 
voiceprint information. The adjunct processor (104) validates the 
identity of the calling party (T100) using this identification indicia 
and initiates a callback operation. The adjunct processor (104) 
disconnects the calling party (T100) from the connection, calls the 
calling party (T100) back and then uses the data call transfer capability 
of the telephone switching system to connect the calling party to the 
computer (113).

INTERNATIONAL PATENT CLASS: G06F-001/00

...SPECIFICATION improved level of security for the computer system, but to
equip each callback unit with such equipment renders the cost of security 
beyond the reach of almost every computer system manager. 

US-A-4531023 discloses a business communication system in which
an adjunct processor provides computer facility access protection. The
call is routed directly to the entrance to the access port of the central
computer, where the call waits while an offsite security computer
validates the caller's identity. When the offsite computer signals
acceptance to the central computer, the latter completes the call
connection to the caller.

US-A-4096356 discloses a business communication system which
involves call rerouting. However, there is no mention of any application
to caller validation in a system for accessing a computer, and hence no

...No. 5, 8th March 1984, pages 131-135, New York, US; J. Smith: "Call-back
schemes ward off unwanted access by telephone" discloses a business
communication system involving computer facility access protection,
apparently involving a form of internal call rerouting within the
security equipment. The security processor remains connected to the
calling party after the screening process...

It is also possible to transmit a command by a responder unit
which actually changes a specific element in the user profile matrix,
for example, PIN numbers. Thus, it is possible to dynamically change data
in a particular user's responder to increase or decrease user
clearance levels or modify personnel identification numbers. This, for
example, allows a security manager to dynamically adjust the access
to programs or databases based on changes in commercial philosophy, for
example if one of the subsidiaries of an organisation was to be sold off

English Abstract

An access control via properties system provides ACL rules based on the 
properties associated with the entries, thereby taking advantage of the 
fact that there are inherent properties associated with each entry and 
does not require any changes to the schema. Once the server supports the 
invention, the system administrator creates a few simple ACL rules and is 
done. The invention structures the ACL rule such that it indicates the 
attributes that the administrator has selected for user access and 
specifies the type of access to be granted to a user which can include: 
read, write or any other privileges that the system supports. The desired 
attributes that the user must have to be granted such access is also 
listed along with the attribute fieldname associated with the desired 
attributes. The directory server will match the desired attributes within 
the specified attribute fieldname with the user's attributes and allows 
access to the directory entry only if the user has the desired attribute 
values. Alternatively, a match function can be specified for the desired 
attributes where the directory server matches the desired attributes with 
the user and the owner of the list of attributes and allows access to the 
directory entry only if both the user and the owner have the desired 
attribute values. When a user accesses a directory entry, the directory 
server selects and analyzes a specific access control command according 
to the attribute being accessed. 

French Abstract (translated)

The present invention concerns an access control via properties system
that implements access control list (ACL) rules based on the properties
associated with the entries, which makes it possible to take advantage of
the fact that inherent properties are associated with each entry, without
modifying the schema. Provided the server is compatible with the
invention, the system administrator only has to create a few ACL rules.
The invention structures the ACL rule so that it indicates the attributes
that the administrator wants to leave accessible to the user, then it
specifies the type of access to be granted to a user, which can be read
access, write access, or any other privileges compatible with the system.
The attributes that the user is expected to have in order to be granted
such access are also listed, together with the attribute fieldname
associated with the attribute in question. The directory server normally
matches the desired attributes, within the specified attribute fieldname,
against the user's attributes, then allows access to the directory entry
only if the user has the desired attribute values. In another embodiment,
a match function can be specified for the desired attributes, in which
case the directory server matches the desired attributes with the user and
the owner of the list of attributes, then allows access to the directory
entry only if the user as well as the owner actually have the desired
attribute values. When a user accesses a directory entry, the directory
server selects and analyzes a specific access control command taking into
account the attribute being accessed.

type of access to be granted to a user which can include: read, write,
or any other privileges that the system supports. The desired attributes
that the user must have to be granted such access is also listed.

The attribute fieldname associated with the desired attributes is
specified in the access control command. The directory server
will match the desired attributes within the specified attribute
fieldname with the user's attributes. It will allow access to the
directory entry only if the user has the desired attribute values.

Alternatively, a match function can be specified for the desired
attributes. The directory server matches the desired attributes
with the user and the owner of the list of attributes and allows access
to the directory entry only if both the user and the owner have...

English Abstract

A scalable access filter that is used together with others like it in a
virtual private network to control access by users at clients in the
network to information resources provided by servers in the network. Each
access filter uses a local copy of an access control data base (3845) to
determine whether an access request is made by a user. Each user belongs
to one or more user groups and each information resource belongs to one
or more information sets. Access is permitted or denied according to
access policies which define access in terms of the user groups and
information sets. The first access filter in the path performs the access
check, encrypts and authenticates the request; the other access filters
in the path do not repeat the access check. The interface used by
applications to determine whether a user has access to an entity is now
an SQL query. The policy server (3811) assembles the information needed
for the response to the query from various information sources, including
sources external to the policy server.



French Abstract (translated)

The invention concerns a scalable access filter used with other similar
filters in a virtual private network in order to control access by users
at clients of the network to information resources provided by servers on
the network. Each access filter uses a local copy of an access control
database (3845) to determine whether the access request is made by a
user. Each user belongs to at least one user group and each information
resource belongs to at least one information set. Access is permitted or
denied according to access policies that define access in terms of the
user groups and information sets. The first access filter in the path
performs the access check, decrypts, and authenticates the request; the
other access filters in the path do not repeat the access check. The
interface used by applications to determine whether a user has access to
an entity is then an SQL query. The policy server (3811) assembles the
information required for the response to the query from several
information sources, including a source external to said server.
Legal Status (Type, Date, Text) 

One example of this process is the technique described in the
discussion of access filter 203 by means of which access filter 203
obtains additional identification information about a user. If the
information which policy server 2617 obtains from policy server database
2619 and other sources indicates that the action is permitted, policy
server 2617 sends a policy response 2615 that so indicates and policy
enforcer 2609 performs the action as indicated at 2610 and returns
the result via action...
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English Abstract 

A policy system includes the policy server (2617); a policy database 
(2619), which is located at the policy decision point (2723); the 
access/response entity (2603); the resource server (2711); the policy 
message (2725); and the policy enforcement point (2721). The system is 
connected through a public network (2702) or an internal network (103). 
The access filter (107, 203, 403) controls access by using a local copy 
of an access control database to determine whether an access request is 
made by a user. Changes made by administrators in the local copies are 
propagated to all of the other local copies. Access is permitted or 
denied according to access policies (307), which define access in terms 
of the user groups (Fig 9-12) and information sets (Fig 13A-18). The 
rights of administrators are similarly determined by administrative 
policies (Fig 23A-C). Access is further permitted only if the trust 
levels of the network by which the access is made are sufficient 
(Fig 25-29). A policy server component of the access filter has been 
separated from the access filter and the policies have been generalized 
to permit administrators of the policy server to define new types of 
actions and new types of entities. Policies may now further have 
specifications for time intervals during which the policies are in force 
and the entities may be associated with attributes that specify how the 
entity is to be used when the policy applies. 

French Abstract 

The present invention relates to a scalable access filter, used together 
with other similar filters in a virtual private network, for controlling 
access by users at clients of the network to the information resources 
made available by servers of the network. Each access filter uses a local 
copy of an access control database to determine whether an access request 
is made by a user. Changes made by administrators in local copies are 
propagated to all the other local copies. Each user belongs to one or 
more user groups and each information resource belongs to one or more 
information sets. Access is permitted or denied according to access 
policies that define it in terms of user groups and information sets. The 
rights of administrators are similarly determined by administrative 
policies. In addition, access is permitted only if the trust levels of a 
mode of identification of the user and of the path in the network by 
which the access is made are sufficient for the sensitivity level of the 
information resource. If necessary, the access filter automatically 
encrypts the request using an encryption method whose trust level is 
sufficient. The first access filter in the path performs the access 
check, encrypts, and authenticates the request; the other access filters 
in the path do not repeat the access check. A policy server component of 
the access filter has been separated from the access filter and the 
policies have been generalized to permit administrators of the policy 
server to define new types of actions and new types of entities for which 
policies can be set up. Policies may now also include specifications of 
time intervals during which the policies are in force, and the entities 
may be associated with attributes that specify how the entity is to be 
used when the policy applies. 
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Detailed Description 

policy-related information 2623 from any location accessible to policy 
server 2617. One example of this process is the technique described in 
the discussion of access filter 203 by means of which access 
filter 203 obtains additional identification information about a user. 
If the information which policy server 2617 obtains from policy server 
database 2619 and other sources indicates that the action is permitted, 
policy server 2617 sends a policy response 2615 that so indicates 
and policy enforcer 2609 performs the action as indicated at 2610 and 
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ABSTRACT EP 1107598 A2 

A method and apparatus for carrying out synchronous code division 
multiple access (SCDMA) communication of multiple channels of digital 
data over a shared transmission media (1162). The system includes modems 
at remote units (1164) and a central unit (1160) to receive time division 
multiplexed digital data arranged into timeslots or channels and uses 
orthogonal codes to encode each channel of multiple data and spread the 
energy of each channel data over a frame of data transmitted in a code 
domain. Frames are synchronized as between remote (1164) and central 
units (1160) using a ranging scheme which is also useful in any other 
system transmitting data by frames in a distributed system where 
synchronizing the frames as between all units regardless of differences 
in propagation delays is necessary. Each frame in the SCDMA modulation 
scheme includes a gap or guardband containing no other data. 
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...SPECIFICATION two channels, one of which amplifies signals in a high 
frequency range from 45-750 mHz for transmission of data from the head 
end to subscribers , and the other of which amplifies signals in a low 
frequency range from 5-42 mHz for transmission of data from the 
subscribers to the... the subscriber via an access request. This request 
is sent via a message on a randomly selected one of 8 of the 16 command 
and control channels devoted to access requests and downstream 
messages. The 8 access request channels are constantly monitored by the 
CU. The CU then sends a reply message telling the requesting ... However, in 
the preferred embodiment, there are 128 data channels plus 16 management 
and control channels, for a total of 144 channels. Of the 16 management 
and control channels, 4 are access channels which carry traffic from 
the RUs to the CU requesting bandwidth and relinquishing awarded channels 
after the RU is finished using the channels awarded ... transmitter of 
Figure 28A is used in the transceivers of the RU modems. The CU 
transmitters are identical except there is no need for the access 
control circuitry 540 or the multiplexer 544. 

In Figure 28A, block 506 is the diversity code shuffler that implements 
the time to code transformation. The code... 

.548 in the order dictated by write addresses on bus 533. Elsewhere 
herein, the manner in which the multiplexer 544 is operated to overlay 
media access control data on buses 542r and 542i with payload data on 
buses 517r and 517i in buffer 548 is described. Buffer 548, when fully 
written, during... of Figure 28A is a register or memory storing command 
and control data such as the pilot channel signal to be transmitted on 
the 16 access and command and control channels. This data arrives on 
bus 398 from the CPU 405. Block 516 is a multiplexer which selects 
between the payload data for the 128 . . . 

.during each symbol. The encoder has three modes previously described, 
and the diversity shuffler 506 controls the mode by a signal on bus 534 . 

Media Access Control 

Block 540 represents circuitry to acquire an access channel and carry 
out media access control communications to implement ISO MAC layer 
protocols. Since there are only 4 access channels across which all 
message traffic requesting channel bandwidth and awarding same... 

. tables . 

Once an access channel is acquired, circuit 540 may, in some 
embodiments, present data on buses 542r and 542i to multiplexer 544 which 
comprise access control messages that are sent on the 4 access 
channels of the 144 total channels. Multiplexer 544 either selects these 
media access messages on buses 542r. . . 

.controlled by switching control signals from the CPU 405 to edit the 
contents of the buffer 548 to overlay the 4-bit groups of the access 
control symbols with the payload data on bus 507 so that the media 
access control 4-bit groups go into the right addresses of the buffer 
548 so as to get spread by the CDMA codes assigned to the access 
channels . 

The media access control messages constitute requests from RUs for 
bandwidth and awards of specific channels to the RUs by the CU in some 
embodiments. The awards of specific... 

.the number of contentions and efficiency considerations. 

Because a reservation scheme is implemented in the preferred 
embodiment, no contentions occur on the 140 non media access control 
payload channels so no contention resolution protocols are carried out 
for these channels since there will be no contentions. However, 
contentions are expected to occur on the 4 access control channels 
shared between all the RUs so contention resolution will have to be 
carried out in the manner described elsewhere herein. 

Spreading of the chips... 850 via bus 854. The command control code data 
is input to C3 circuit 860 from the Viterbi Decoder via bus 854. The CPU 
405 accesses the command and control data and access channel 
communications from the C3 circuit 860 and the access channel circuit 862 
via bus 1096. The processing of the command and control channel codes 
and access channel codes may also occur in circuits 860 and 862, 
respectively, in alternative embodiments without interaction with the 
CPU, ...barker code to transmit. 

In the preferred embodiment, command, communication and control (C3) 
circuit 860 receives message traffic involved in the ranging, 
authentication and media access control processes as detailed in the 
flow charts of Figures 7-9 and Figures 29-33 and transmits this data to 
CPU 405 via bus 1096. . . 



23/5,K/7 (Item 7 from file: 348) 

DIALOG (R) File 348: EUROPEAN PATENTS 
(c) 2003 European Patent Office. All rts. reserv. 



00952494 

Communication system 
Kommunikationssystem 
Système de communication 

PATENT ASSIGNEE: 

VICTOR COMPANY OF JAPAN, LTD., (278642), 12, Moriya-Cho 3-Chome, 

Kanagawa-Ku, Yokohama-Shi, Kanagawa-Ken, (JP) , (Applicant designated 
States: all) 
INVENTOR: 

Onodera, Katsuya, 2-9-23-M2-206, Sagamioono, Sagamihara-shi, Kanagawa-ken 
, (JP) 

Kumagai, Nobuaki, 1-11-20-102, Ookubo, Koonan-ku, Yokohama-shi , 
Kanagawa-ken, (JP) 
LEGAL REPRESENTATIVE: 

Poulin, Gerard et al (17984), BREVALEX 3, rue du docteur Lancereaux, 
75008 Paris, (FR) 
PATENT (CC, No, Kind, Date) : EP 863684 A2 980909 (Basic) 

EP 863684 A3 000517 
APPLICATION (CC, No, Date) : EP 98400492 980302; 
PRIORITY (CC, No, Date) : JP 9763754 970303; JP 9782196 970314 
DESIGNATED STATES: DE; FR; GB 

EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS: H04Q-007/24; H04Q-007/26 

ABSTRACT EP 863684 A2 

The communication system 1 comprises the network 70, the circuit 
controller 10, the ISDN I/F (Integrated Services Network Interface) 20, 
the PSTN I/F (Private Switched Telephone Network Interface) 30, and the 
radio base station 40, wherein the circuit controller 10 and the radio 
base station 40 are connected to the network 70 and communication between 
mobile radiotelephones 51 through 53 is performed by means of the radio 
base station 40. Further, the mobile radiotelephone 51 can communicate 
with other telephone equipment which is connected to the network 70. 
Furthermore, the mobile radiotelephone 51 can communicate with external 
telephone equipment which is connected to the analog telephone network 
65 or the ISDN network 60 through the PSTN I/F 30 or the ISDN I/F 20. 
These communications are controlled by the radio base station 40, the 
circuit controller 10, and terminal equipment such as the ISDN I/F 20 and 
the PSTN I/F 30. 
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...SPECIFICATION section 13 of a terminal number of the mobile 

radiotelephone 51 and the telephone number to be connected. The circuit 
connection processor section 13 makes access to the call state 
managing section 14 for searching whether a vacant line is available or 
not. The call state managing section 14 sends an available terminal ID 
(Identification) number back to the circuit connection processor 
section 13 whenever the circuit connection processor section 13 makes 
access to the call state managing section 14, wherein the call state 
managing section 14 is always monitoring call state of each telephone 
connected to the network 70. The circuit connection... 

...40 when the circuit controller control section 13 finds an available 
terminal, and demands the PSTN I/F 30 to issue a "Call setup request" 
command. The communication processor section for terminal equipment 
11 composes the "Call proceeding" command and transmits it to the radio 
base station 40 (step S2), and also composes the "Call setup request... 
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A display authorization area corresponding a user is selected from maps 
stored in a device, only the selected zone is displayed, and a camera 
with which the user is not authorized to perform information communication 
is inhibited from being displayed. With this arrangement, a camera 
control system is constructed whose security is such that no user can see 
a place irrelevant to the user or recognize the position of an 
installed camera. 
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.SPECIFICATION to/from another video communication terminal 20 via the 
network 52. 

The camera management server 50 manages all the cameras 10 (10a, 10b, 
10c. . . ) included in the video communication terminal 20 connected 
to the network 52 to have present information such as camera names, host 
names (user names), group names to which the users belong... 

.zooming operation. These buttons may be operated to perform a rotating 
operation and a zooming operation to an arbitrarily designated camera 10 
(10a, 10b, 10c...). 

For example, when a camera is accessed from a video communication 
terminal 20, a target camera icon is double-clicked using the mouse 28. 
According to this operation, the camera control client 56 requests... 
display a camera icon corresponding to an authorized camera. 

The camera control client 56 acquires a user name in step S1. In step S2, 
the camera control client 56 calls a map access table and a group 
table included in the secondary storage device 26 in which management 
information output from the camera management server 50 is stored. 

The map access table has an arrangement shown in FIG. 7. In the map 
access table, an authorization group and an authorization user are set 
for each map. . . 

. the authorization group, the camera control client 56 refers to the map 
authorization user on the map access table in FIG. 7 (S7) to check 
whether the user which is not included in the authorization group is 
included in the camera authorization user list (S8) . 

If the map is included in the authorization user list, then the map is 
displayed on the map list 68 (S9) . 

Upon completion of a check of map 1, x = 1 + 1 = 2 is counted in 
step S22, and an authorization check for map 2 is started. 

The above check is sequentially performed up to map n. When x > n is 
established . . . 

.a camera access table which is used to install camera icons displayed on 
the map window 60 and to install a camera for authorizing information 
communication . 

The camera control client 56 refers to a camera authorization 
group on the camera access table in FIG. 9 (S16) . If the camera is 
included in an authorization group to which... 

.the camera authorization group is included in the camera authorization 
user list, the camera control client 56 checks whether the camera is in 
use (S19). If the camera is not being used by another user's terminal, 
then the icon of the camera is displayed on the map window 60, 
superposed on the map (S20). 

In step S21, upon completion of the... the user, but access to some 
cameras is prohibited, in order to help the user to use the system, the 
icons of cameras which can be remote-operated and the icons of 
cameras which are not authorized to be remote-operated may be displayed 
such that the icons are discriminated from each other. When such a 
process...!, and camera q from camera y = p according to the following 
procedure (S112) . 

In step S114, the camera control client 56 refers to the camera 
authorization group on the camera access table which is called from the 
secondary storage device 26 and shown in FIG. 9 to check whether the 
group to which the user belongs... 



...not included in the camera authorization group with respect to camera p 
in step S115, then the camera control client 56 refers to the camera 
authorization user on the camera access table in FIG. 9 in 
step S116. 

If a user determined not to belong to a camera authorization group is 
determined by the camera control client 56 to be. . . 
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Claims 
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English Abstract 

A method of configuring a network access device having a first network 
address allocated to a subscriber of services of a first service provider 
provided by a first service network, with a new network address allocated 
to a subscriber of services of a second service provider provided by a 
second service network, wherein the network access device is connected to 
an access network connected to a plurality of service networks. The 
method comprises the steps of: sending a request from the network access 
device to the access network requesting a change to a second service 
provider; receiving a response from the access network; and initiating a 
network address change request using a configuration protocol. In this 
manner, a second network address allocated to the subscriber of services 
of the second service provider is assigned to the network access device 
to enable the network access device to communicate data packets to the 
service network providing the selected service. In one preferred 
embodiment of the invention, the subscriber is authenticated by a service 
activation system coupled to the access network prior to initiating the 
configuration protocol. Accordingly, the request to the access network 
includes an authentication request for the subscriber. The response 
received from the access network therefore includes an authentication 
status for the subscriber from the second service provider. If the 
subscriber is authenticated, the client initiates the network address 
change request. 



French Abstract 

The invention relates to a method of configuring a network access device, 
which allocates a first network address to a subscriber of services of a 
first service provider provided by a first service network, a new network 
address being allocated to a subscriber of services of a second service 
provider provided by a second service network. Said method is 
characterized in that the network access device is connected to an access 
network that is itself connected to a plurality of service networks. The 
method according to the invention comprises: sending, from the network 
access device, a request for a change to a second service provider 
addressed to the access network; receiving a response from the access 
network; and initiating a network address change request by means of a 
configuration protocol. Thus, the second network address allocated to the 
subscriber of services of the second service provider is assigned to the 
network access device to enable it to communicate data packets to the 
service network providing the selected service. In a preferred embodiment 
of the invention, the subscriber is authenticated by a service activation 
system coupled to the network access device prior to initiating the 
configuration protocol. Accordingly, the request addressed to the access 
network includes an authentication request for the subscriber. The 
response received from the access network therefore includes an 
authentication status relating to the subscriber of the second service 
provider. If the subscriber is authenticated, the client initiates the 
network address change request. 
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19th month from priority date 

Fulltext Availability: 
Detailed Description 

Detailed Description 

series of steps to effect a change in the IP address for network 
access device 101. At step 301, the user accesses the service 
provider manager function of the client shown generally at 720 
in Fig. As discussed above, the service provider manager function enables 
the user to select a service provider from a stored. . . 

...changes can be reconciled before displaying the selection of service 
providers to the user. The service activation system 160 is described 
above and can utilize user credentials, either explicitly requested 
or cached automatically, to authorize the fetching of account 
configuration data. If the cached credentials on the client are 
invalid, the attempt to update the list of configured service providers 
may be refused and the user alerted that the credentials need to be 
updated. A specialized account restoration procedure can be utilized by a 
properly-authorized administrative user to update the cached credentials. 
Alternatively, the user may ignore the message and continue using the 
old list of configured service providers. These options may be displayed 
by 

connection using text-based... 

...the service provider manager function to switch to the new service 
provider (svc-2). If the second service provider is not configured, then 
the service provider manager function 720 of the client can offer 
to add the new service provider. 



The client can be configured to automatically connect to the service 
activation system 160 and enable the... 
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French Abstract 

According to the invention, an integrated security and communications 
system combines a security system with a telephone system interface 
and/or a data interface. Users have access to voice mail or other 
PBX-type telephone functions, many if not all of which are accessible not 
only from telephone handsets but also from keypads of the security 
system. Data functions, such as electronic mail or partial or full 
Internet access, can be implemented from the keypads as well as from 
connected personal computers or computer terminals. The keypads of the 
system may be enhanced to recognize some of the added functions. A 
central communications station can be used to provide secure, 
key-encrypted private communications shared with each local system, by 
means of a redirector or relay device that allows each local system to 
communicate securely with a central monitoring station or other systems. 
The secure communications system of the invention can be used without a 
security system to enable secure computer-to-computer communications. 
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Claim 

... of said authorization 

unit comprises presentation of said coded token to said 
reader . 

99. The security system of claim 93 having a 
plurality of authorized users , and having an 

authorization unit for uniquely identifying each of at 
least one of said authorized users, wherein: 
a particular authorized user initiates 
said state consistent with presence of an authorized 

user by activating said authorization unit using an 
indicium unique to said particular authorized user; and 
said user control interface presents 

access at said user control interface to electronic 
mail message sending from said particular authorized 
user . 

100. The security system of claim 99 wherein: 

said user control interface comprises a . . . coded token to said 
reader . 

104. The security system of claim 89 wherein: 
said data comprise electronic mail; 
said system has at least one authorized 

user , and has an authorization unit for uniquely 
identifying each of at least one of said authorized 
users; and 

when one of said at least one authorized 
user enters a . . . 

...claim 89 wherein: 

said external data network is the 
Internet ; 

said data comprise World Wide Web pages; 


said system has at least one authorized 

user , and has an authorization unit for uniquely 
identifying each of at least one of said authorized 
users; and 

when one of said at least one authorized 
user enters a . . . 

.unit comprises presentation of said coded token to said 
reader . 

115. The security system of claim 89 wherein: 
said system has at least one authorized 

user, and has an authorization unit for uniquely 
identifying each of at least one of said authorized 
users ; 

one of said at least one authorized user 

activates said authorization unit using an indicium 

unique to said one of said at least one authorized 

user; 

said external data network is the 
Internet; and 

said . . . 

. . .authorized user 



260. The security method of claim 237 
wherein : 

said system has at least one authorized 

user , and has an authorization unit for uniquely 
identifying each of at least one of said authorized 
users ; 

one of said at least one authorized user 
enters a security system. . . 
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English Abstract 

A channel-based network including a system server (110), one or more 
Internet sites (120) and one or more user terminals (130). The system 
server (110) stores a master channel table (112) that includes a list of 
channel numbers, each channel number having an associated Internet 
address and an associated Internet site name. Each Internet site of the 
network is addressable by an associated Internet address stored in the 
master channel table. Each user terminal automatically (i.e., without 
user participation) downloads and stores a local copy of the master 
channel table. The channel numbers and associated Internet site names are 
read from the downloaded local copy of the channel table and displayed, 
for example, on a television in a menu-like manner. The user selects an 
Internet site name from the displayed menu, and enters the channel number 
associated with the selected Internet site name using an input device 
that is similar to a television remote control. The user terminal then 
accesses the selected Internet site by reading the Internet address 
associated with the entered channel number, and transmitting the Internet 
address onto the Internet. 

French Abstract 

The invention relates to a channel-based network comprising a system 
server (110), one or more Internet sites (120) and one or more user 
terminals (130). The system server (110) stores a master channel table 
(112) comprising a list of channel numbers, each channel number having an 
associated Internet address and an associated Internet site name. Each 
Internet site of the network is addressable by an associated Internet 
address stored in said master channel table. Each user terminal 
automatically (i.e., without user participation) downloads and stores a 
local copy of the master channel table. The channel numbers and 
associated Internet site names are read from the downloaded local copy of 
the channel table and then displayed, for example on a television 
receiver, in the manner of a menu. The user selects an Internet site name 
from the displayed menu and enters the channel number associated with the 
selected Internet site name by means of an input device similar to a 
television remote control. The user terminal then accesses the selected 
Internet site after reading the Internet address associated with the 
entered channel number and then transmitting the Internet address via the 
Internet. 
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Claim 

. . . Internet sites that can be accessed by a 
young user. For example, an adult administrator (e.g., 
USER 1) of a set-top box may restrict access of a minor 
user (e.g., user 2) to an adult-content site (e.g., ADULT 
SITE, channel number 60) by setting the parent code ... The limited-write 
data, which is located within the 
write protect fence in Fig. 3(B), includes a customer 
number 331, a personal identification number (USER PIN) 
332, a user home page URL 333, a security password 334, 
POP information 335, and user age identifier 336. In one 

PCT/US01/02550 embodiment, a "customer" is defined as the group of users 
associated with user terminal 130-A that... 



. . one or more 
children. Each user will typically have his or her own 
smart card. Each person in a customer group will share 
the same customer identification number 331. However, 
each person in a customer group will have a unique PIN 
332. As discussed below, the customer identification 
number 331 is matched with a serial number stored in 
asset manager flash 222 by server 110. Home page URL 
field 333... 110 and set-top box 131 

and associated hardware resources are generally accurate, 
some simplifications are employed to avoid confusion. 
For example, Fig. 4 depicts user identification (USER ID) 
information passing directly from smart card 232 to an 
"AUTHORIZATION/VERSION CHECK" function performed by CPU 
210 of set-top box 131, instead of... to control the types of Internet 
sites available to a particular user (i.e., a child). For instance, the 
user terminal administrator may restrict access to all 
sites rated "PG" or "G". In another embodiment, these 
parental guidance codes may be utilized by server 110, in 
conjunction ... server 110 automatically performs several network 
operation functions that maintain and update channel-based 
network 100. The network operation functions 
performed by server 110 include user terminal 
authorization (AUTHORIZATION), download control (DOWNLOAD 
CNTL), update control (UPDATE CNTL), version check 
(VERSION CHECK). As described in detail below, CPU 412 
automatically performs (i.e., without user participation) 
the terminal authorization and download control functions 
such that server 110 controls (authorizes) and updates 
user terminals of channel-based network 100 from a 
centralized location, thereby. . . 

. . . database 
418 is updated to include a new record for the new user. 
Referring to Fig. 5(C), this process involves entering 
terminal and user identification data, and the version 
number of the master channel table stored in channel 
table database 414. For example, assuming that a portion 
. . . method. 

In an alternative embodiment, channel table data may be 
stored in an unencrypted form, and encryption can be 
performed during download to a user terminal (however, 
this embodiment may delay download procedures). Next, an 
update policy is generated (step 645) that schedules 
downloading of the updated channel table information to 
the user terminals. Finally, update manager database... 

...authorized by server 110, and if a more recent version of the channel
table is stored in channel table database 414 than by the user terminal,
an authorization code and update available code are transmitted to the
requesting user terminal. In response to these codes, the user terminal
will automatically request a channel...
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English Abstract 

An existing security association is re-established when a communication 
handover event occurs in a radio communications system such as IEEE 
802.11 or a HIPERLAN wherein the existing security association between a
mobile terminal and a wireless communication network is maintained when 
the communication handover occurs within the network. Authentication 
during a handover event is achieved by a challenge/response procedure. In 
accordance with the challenge/response procedure each member of a 
communication pair that is made up of a new access point and the mobile 
terminal that is experiencing a handover to the new access point sends a 
challenge to the other member of the communication pair. Each member of 
the communication pair then calculates a response to its received 
challenge, and these responses are sent back to the other member of the 
communication pair. Each member of the communication pair then compares 
its received response to a correct response. When these comparisons are 
correct, payload communication begins between the second access point and 
the mobile terminal. 



French Abstract 

An existing security association is re-established when a communication
handover event occurs in a radio communications system such as IEEE
802.11 or a high-performance radio local area network (HIPERLAN), the
existing security association between a mobile terminal and a wireless
communication network being maintained when the communication handover
occurs within the network. Authentication during a handover event is
carried out by a challenge/response procedure. According to this
procedure, each member of a communication pair, which consists of a new
access point and the mobile terminal undergoing a handover to the new
access point, sends a challenge to the other member of the pair. Each
member of the pair then calculates a response to the challenge it
received, and these responses are sent back to the other member of the
pair. Each member of the pair then compares the response it received with
a correct response. When these comparisons are correct, payload
communication begins between the second access point and the mobile
terminal.
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Claim 

. . . second access-point;

first-comparing said authenticate-access-point-response to a correct
response at said given mobile-terminal;

second-comparing said authenticate-mobile-terminal-response to a
correct response at said second access-point; and

initiating communication between said given mobile-terminal and said
second access-point based. . .

. . . first-comparing step and said second-comparing step. Claim 3. The
method of claim 2 wherein said plurality of mobile terminals have a media
access control layer and compatible physical layers, and wherein said
messages are media access control messages. Claim 4. The method of claim 3
wherein said messages are transmitted within a wireless LAN such as IEEE
802.11 or HIPERLAN/2 . . . if said access-point-response is correct as a
function of said given security-association;

eighth means at said second communication-access-point and responsive to
said mobile-terminal-response for determining if said
mobile-terminal-response is correct as a function of said given
security-association established . . .

...sending said mobile-terminal-challenge to said mobile-terminal;
responding to said mobile-terminal-challenge at said mobile-terminal
and generating a mobile-terminal-response as a function of said given
security-association;

sending said mobile-terminal-response to said second communication
access-point;

responding to said access-point-challenge at said second
communication-access-point and generating an access-point-response. . .
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English Abstract 

In a telecommunications network environment including non-participating 
elements and participating elements, a method for providing a 
telecommunications service between a first peer element connected to the 
telecommunications network environment and a second peer element
connected to the telecommunications network. At a first peer element, an
indication of the type of telecommunications service to be provided
between the first peer element and the second peer element is received. A
telecommunications service template in association with the indicated
telecommunications service is determined, the telecommunications service 
template including instructions for configuring the non-participating 
elements of the telecommunications network environment to provide the 
indicated telecommunications service and instructions for configuring the 
participating elements of the telecommunications network environment. The 
telecommunications service template may further comprise routing 
instructions for the non-participating elements of the telecommunications 
network environment and routing instructions for the participating 
elements of the telecommunications network environment. 



French Abstract 

Method for providing, in a telecommunications network environment with
non-participating elements and participating elements, a
telecommunications service between a first peer element connected to said
telecommunications network environment and a second peer element
connected to the same telecommunications network. At a first peer
element, an indication of the type of telecommunications service to be
provided between the first and second peer elements is received. A
telecommunications service template is determined, which contains
instructions for configuring, on the one hand, the non-participating
elements of the telecommunications network environment to provide the
specified telecommunications service and, on the other hand, the
participating elements of the telecommunications network environment.
This template may also contain routing instructions for both the
non-participating and the participating elements of the
telecommunications network environment.
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Claim 

Local Interdomain Services 
Global Interdomain Services 
Purpose To establish the limits of use for End Users within the End User 
Organization as well as to limit the access and visibility into the 
End User Organization Domain for End Users within other End User 
Organizations that would try to establish a service connection to. . . 
components into more complex service templates. 

10. M. 2 Provide a mechanism to interpret service templates for use by the
orthogonal control mechanism.

FIG . III? Workstation Functions (cont.) 

Ref # ; Function Category 

10 IC. I Provide a facility for storing and selectively retrieving 
service Evident 

templates and components with separate access for privately 
(locally defined) as well as globally defined (interdomain... 
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English Abstract 

A method for formatting and routing data between an external network and 
an internal IEEE 1394 network is provided. The method comprises receiving 
a data packet at a gateway device, separating data information from the 
data packet, reformatting the separated data information from a first 
digital format into a second digital format, selecting a transmission 
mode for communicating the data information in the second digital format 
to a particular node residing on the internal network, preparing a 
portion of the data information in the second digital format for 
transmission in the selected transmission mode, and transmitting the 
portion of the data information in the second digital format to the 
particular node via the selected transmission mode. 

French Abstract 

The invention relates to a method for formatting and routing data between
an external network and an internal IEEE 1394 network. The method
consists of receiving a data packet at a gateway device, separating the
data information from the data packet, reformatting the separated data
information from a first digital format into a second digital format,
selecting a transmission mode for communicating the data information in
the second digital format to a particular node residing on the internal
network, preparing a portion of the data information in the second
digital format for transmission in the selected transmission mode, and
then transmitting the portion of the data information in the second
digital format to the particular node via the selected transmission mode.
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Claims 
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English Abstract 

An access system (10) and method provide interactive access to an 
information source, such as the Internet, through a networked 
distribution system, such as a television distribution system (11) . Each 
user in the television distribution system can access the Internet 
through an associated terminal (54) by sending commands through an 
upstream channel (22) to a headend server (38) which is interfaced 
between a television network headend (34) and an Internet Service 
Provider (ISP) (60). The headend server manages all Internet information 
requests from the terminals by forwarding the requests to the ISP and 
receiving the requested information therefrom. An Internet Protocol (IP) 
address is assigned only to the headend server which keeps track of the 
terminals requesting information by means of terminal identification 
numbers or codes associated with each request. The headend server also 
maintains a plurality of Internet browser applications (75) active at all 
times to insure that a terminal requesting Internet access can be 
immediately interfaced to the ISP through one of the active browser 
applications. Each of the downstream television signals includes a 
vertical synchronization signal that is preferably employed to generate a 
framing signal for synchronizing upstream transmission of the data 
packets comprising the information requests from the terminals. 

French Abstract 

The invention relates to an access system (10) and method providing
interactive access to an information source, such as the Internet,
through a networked distribution system such as a television distribution
system (11). Each user of the television distribution system can access
the Internet through an associated terminal (54) by sending commands
through an upstream channel (22) to a headend server (38) interfaced
between a television network headend (34) and an Internet Service
Provider (ISP) (60). The headend server manages all Internet information
requests from the terminals by forwarding the requests to the ISP and
receiving the requested information from the ISP. An Internet Protocol
(IP) address is assigned only to the headend server, which keeps track of
the terminals requesting information by means of identification numbers
or codes associated with each request. The headend server also keeps
several Internet browser applications (75) active at all times to ensure
that a terminal requesting Internet access can be immediately interfaced
to the ISP through one of the active browser applications. Each
downstream television signal includes a vertical synchronization signal
that is preferably used to generate a framing signal for synchronizing
upstream transmission of the data packets containing the information
requests from the terminals.
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only a single IEP address to the application server 68 for managing all 
of the Internet access and information requests from each of the set 
top terminals 54 . 
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ABSTRACT 

PROBLEM TO BE SOLVED: To attain a more flexible operation of a network by 
performing integrated and unitary management via an access control 
server for the access control processes which are so far carried out 
by a work server, a DB server, a groupware server, etc., in a conventional 
ACL and also grasping the temporary constraint set for the use of a network 
system and the user access state by means of the access tickets. 

SOLUTION: An access control server 50 checks the access authority of 
a user to a work server 6 based on the confirmation result of the user's 
certificate acquired by an integrated authentication server 2 after the 
user is authenticated or when the work requests of the user are 
transferred to the server 50 from the clients 8 and 20. If the access 
authority of the user is legal, the work requests of the user are 
permitted to the server 6. In this case, a fact that the communication 
contents are never shown to the outsiders is guaranteed. 
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ABSTRACT 

PROBLEM TO BE SOLVED: To prevent a program downloaded in a client terminal 
by way of a network from performing an unlawful processing that a user does 
not intend. 

SOLUTION: A client terminal 400 transmits a service request including an
object identifier of a client object program, its programmer signature
and position information on the client terminal 400 to execution server
401. Only when it verifies the programmer signature and confirms its
completeness, the execution server 401 retrieves the object identifier
and its programmer name from a client object management file 1625. Only
when they are retrieved, service use authority of a user is confirmed by
referring to an access management file 1624. Then, only when there is the
use authority, a server object program is executed and services are
provided.

COPYRIGHT: (C) 1999, JPO


14/5/9 (Item 9 from file: 347)
DIALOG(R) File 347: JAPIO
(c) 2003 JPO & JAPIO. All rts. reserv.

05986084 **Image available**
SECURITY MANAGEMENT METHOD FOR NETWORK SYSTEM

PUB. NO.: 10-269184 [JP 10269184 A]
PUBLISHED: October 09, 1998 (19981009)
INVENTOR(s): SAITO YOKO
APPLICANT(s): HITACHI LTD [000510] (A Japanese Company or Corporation), JP (Japan)
APPL. NO.: 09-076954 [JP 9776954]
FILED: March 28, 1997 (19970328)
INTL CLASS: [6] G06F-015/00; G06F-001/00
JAPIO CLASS: 45.4 (INFORMATION PROCESSING -- Computer Applications); 45.9 (INFORMATION PROCESSING -- Other)
JAPIO KEYWORD: R303

ABSTRACT 

PROBLEM TO BE SOLVED: To provide a security management method for 
facilitating transition from a present user authentication system by a user 
ID and a password to a single sign-on by the utilization of a certificate. 
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requested by transmitting the information of the 
lient 8 to a job server 6 and the confirmation of the 
ed by transmitting the information of the certificate 
6 to an integrated authentication server 2 . The 
tion server 2 confirms the certificate, then obtains 
ion of a user from a server 3 and checks the right to 
6 of the user. At the time of appropriate access, the 
sword and access -to- data control information are 
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ABSTRACT 

PROBLEM TO BE SOLVED: To safely and flexibly protect the common resource in
a distributed system sharing the resource of a remote site through the use
of a computer network.

SOLUTION: When a server 102 receives a service request from a client
103, the identifiers of a terminal and a user are obtained from the
service request and authority against the service request is uniquely
decided from the obtained identifiers of the terminal and the user.
Then, whether the service request is to be received or not is judged by
using decided authority.
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ABSTRACT 

PURPOSE: To use an inexpensive and widely general terminal equipment and to 
protect the data extremely high in confidentiality or operation security
by permitting a certain user to execute specific operation only at the time 
of accessing the specific operation from a previously registered specific 
terminal equipment. 
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CONSTITUTION: When a terminal 12 is connected to a server 11 in a personal 
computer network, a terminal ID file is automatically transferred 
from the terminal 12 to the server 11. The server 11 checks whether the
sent terminal 12 is usable operation or not in accordance with the
contents of an access control table 18. After rewriting the contents of
a terminal ID file 20 by a specific cipher system based upon date
information, the ID file is transferred from the server 11 to the terminal
12 at the end of operation, so that preceding access information and the
ciphered terminal ID become succeeding terminal ID.
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ABSTRACT 

PURPOSE: To easily protect the file secrecy for each user by setting the 
names of groups of terminals as the elements to decide permission for use
of the files.

CONSTITUTION: A session set-up means 4 acquires the information on each
session via a terminal control means 2 and stores these acquired
information into the session control information 5. When the terminal
identification name and an acquiring request of the terminal group
names are received from the means 4, a terminal control file control means 
6 retrieves a terminal control file 7 and sends the terminal group name of 
the corresponding terminal identification name to the means 4 in reply. 
Then the means 6 compares the use-permitted terminal group name with the 
terminal group name informed from a conversation control means 3 against 
a file access request of the means 3 and decides whether the use of the 
relevant terminal is permitted or not. If not, the file access request is 
rejected. As a result, the secrecy can be easily protected for each group 
of user files. 
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Physical storage devices access managing method for computers 
systems, involves sending device access request from privileged 
user to disk drive without passing through file system/LVM mapping layer 
of host computer 

Patent Assignee: EMC CORP (EMCE-N)

Inventor: BLUMENAU S M; D'ERRICO M J; HACKETT C J 
Number of Countries: 001 Number of Patents: 001 
Patent Family: 
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Abstract (Basic): US 6449652 Bl 

NOVELTY - A request is received from a user having lesser system 
administrator access privileges, to perform an action on one of the 
physical storage devices. The request is sent to disk drives without 
passing through file system/LVM mapping layer of a host computer, when 
the user is privileged. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) Computer readable medium recorded with physical storage devices 
access managing program; 

(2) Host computer; 

(3) Physical storage devices access request responding method; and 

(4) Computer readable medium recorded with physical storage devices 
access request responding program. 

USE - For managing access of physical storage devices e.g. disk 
drives in computer systems. 

ADVANTAGE - Allows specified users having certain privileges to 
directly access data stored on physical storage devices, and prevents 
other users from accessing any storage device data. Hence, reduces risk 
of security breaches and provides system administrators with 
significant flexibility and control over access to the physical 
storage devices. 

DESCRIPTION OF DRAWING (S) - The figure shows a flowchart
illustrating the raw storage devices controlled access providing
method.

pp; 20 DwgNo 4/7

Title Terms: PHYSICAL; STORAGE; DEVICE; ACCESS; MANAGE; METHOD; COMPUTER;
SYSTEM; SEND; DEVICE; ACCESS; REQUEST; USER; DISC; DRIVE; PASS; THROUGH;
FILE; SYSTEM; MAP; LAYER; HOST; COMPUTER
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Computer resource operation and access control system for Internet, 
performs authentication of identity of client providing request 
for accessing selected computer resources and corresponding server 
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US 20020002688 Al 44 G06F-012/14 
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Abstract (Basic) : US 20020002688 Al 

NOVELTY - A clearinghouse server (30) stores identity data of a 
server (34) and clients connected to the server (34). The clearinghouse 
server authenticates the identity of a client providing a 
request for accessing selected computer resources and the 
corresponding server, based on which access to the selected resources, 
is permitted. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
computer resource access control method. 

USE - For controlling access to computer resources in computer 
network such as Internet . 

ADVANTAGE - Facilitates information provider to have total control
over user access, rights management, billing, usage tracking and
demographic capture over network such as Internet. Provides a secure
platform for information providers to publish subscription contents to
the world wide web in a way that assures revenue generation.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
the computer resource access control system. 
Clearinghouse server (30) 
Server (34) 
pp; 44 DwgNo 3/30
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Access control system e.g. for controlling access to secure 
location or containers or to television programmes having selected 
ratings or in selected classes has server that receives access requests 
from portable communicating device 
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Abstract (Basic) : GB 2344670 A 

NOVELTY - The system has a portable communicating device (104) such
as a portable digital assistant with a browser, a server (107) and one
or more access control devices (101,102) preferably in wireless and
secure communication across a network, e.g. the Internet. Access
control is held in a database (108) available to the server. The
server receives access requests from the portable device,
identifying the user, and generates access criteria, such as
biometric data or a cipher lock code, according to the user identity
and the stored control data. These criteria are transmitted to the
access control devices and/or portable device. If the user satisfies
the criteria access is allowed.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for a 
method of controlling access to a facility in a network using the 
above system. 

USE - For controlling access to facilities, e.g. physical 
access to a building or secure area or container, or access to a 
particular computer system or to a particular television program. 

ADVANTAGE - Enables quick and easy update of access control 
criteria to cater for rapid changes in circumstances. 

DESCRIPTION OF DRAWING (S) - The drawing shows a block diagram 
showing a networked access control system for buildings or secure 
containers . 

access control devices (101,102) 

user interface (103,105) 

portable communicating device (104) 

server (107) 

database (108) 
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Abstract (Basic) : WO 9957863 Al 

NOVELTY - A list of applications to which the user has access
permission and objects corresponding to each application in the list
are downloaded. When an object is selected by the user, a request for
downloading the corresponding application to the user station is output
to the server.

DETAILED DESCRIPTION - Log-on request including user
identifier is received at the server from a user station. The
server uses the user's log-on identifier to build a list of
applications for which the user has access permission. An INDEPENDENT
CLAIM is also included for application access control program
storage medium.

USE - For controlling access to applications downloaded from 
server by desktop in client-server system. 

ADVANTAGE - Provides common repository for configuration 
information for users and applets in client-server environment. Allows 
user to login from any computer in the system at any time and have it 
configured automatically at run time according to preferences stored 
for the user at the server. Prevents user from winding up with 
applications configured on desktop to which user does not have access 
by testing each application access preference set by user against the 
application permission present on server. 

DESCRIPTION OF DRAWING (S) - The figure illustrates the operation of
user log-on and initially establishing the user's desktop.
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Abstract (Basic): US 5964886 A 

NOVELTY - Node (104A) is configured to access memories
(108,110,112) using virtual disk system and to store mapping data
identifying primary and alternate nodes (104B, 104C). The node (104A)
includes a driver configured to send data access request to primary
node. Nodes (104B,104C) have a master configured to access data from
memory and to convey response via common link.

DETAILED DESCRIPTION - The driver is configured to store copy of data
access request until driver receives response. The node (104A) is
configured to store membership data comprising list of active nodes.

USE - In distributed virtual storage system. 

ADVANTAGE - To maintain consistent mapping between nodes in
presence of failures, the mapping may be stored in highly available
database which is used to store permission data to control access
to virtual devices. Allows storage device to be accessed even if one
node physically connected to the device fails or storage device path
fails. Virtual disk system may be designed to serve as interface
between volume manager and storage device or between client and volume
manager.

DESCRIPTION OF DRAWING (S) - The figure represents block diagram of
cluster configuration.
Nodes (104A-104C)
Access storage devices (108,110,112)
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Abstract (Basic): JP 11238037 A 

NOVELTY - The access control of information to a service user
(100) is performed with reference to a local user's information
utilization authority information provided by an operating system (OS)
to the acquired local user name corresponding to the service user who
performs the request of the correspondence information (120).

DETAILED DESCRIPTION - The correspondence information corresponding
to the convergence of the service user with the information utilization
authority of an equivalent range, is prepared. A computer (10) matches
the convergence of the service user and a local user based on a
correspondence information, by executing a server program (110) after
receiving a predetermined request from the service user. The
access path identifier of the server program is returned to the
service user to establish an access path between the service user and
the server program. INDEPENDENT CLAIMS are also included for the
following: a recording medium which stores the information access
control procedure; an information access control apparatus; and an
information access control program.

USE - Applicable for computer information service system.

ADVANTAGE - Prevents easy usage of information utilization
authority of service user in service system. Prevents repetitive
management of information utilization authority of service user.

DESCRIPTION OF DRAWING (S) - The figure shows the component diagram and
the information flow of a computer. (10) Computer; (100) Service user;
(110) Server program; (120) Correspondence information.
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Abstract (Basic): US 5634111 A 

A computer system comprises a number of computers and an external
storage device which is connected to the number of computers via a
common bus. Each of the number of computers includes a device for
transferring device identifiers (ID's) and commands to the external
storage device. The external storage device comprises a division device
for dividing a storage area of the external storage device into a
number of partitions and a device for affording a number of respective
device ID's to each of the divided partitions.

A device selects a partition which has been afforded a device ID 
corresponding to the device ID transferred from the computers . A 
device controls access to the selected partition in accordance with 
a command transferred together with the device ID and transfers a 
result of the access to the computers. Each of the device IDs 
transferred to the external storage device from each of the computers 
differ from each other. 

ADVANTAGE - Is permitted to handle data of different properties by 
use of identical peripheral device, and also external storage device 
which serves as peripheral device. Is permitted to share peripheral 
device among number of computers . 
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Abstract (Basic) : EP 725351 A 

The multi-nodal computer system has nodes (A-E) connected by a 
network (20) . The nodes can provide access to a multiple disk storage 
system (12-18) and has communication links (B,C) to a number of hosts. 
Each node has a microprocessor and input and output ports that serve 
many logical input and output ports. 

When the logical links are established, buffer and queue links are
prepared for subsequent transactions. When a system requires data from
another node it sends a request that includes the destination for the
data and the location of the data. This is entered in the prepared
buffers and causes the data to be found and returned without involving
microprocessor interrupts.

ADVANTAGE - Provides inter-nodal communication that uses few 
interrupts and provides efficient communications. 
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Abstract (Basic) : IE 62686 B 

The data security control process method is carried out by a number 
of data processors connected in a cluster, each processor being 
connected to a storage device and having a memory circuit and a data 
access control circuit. Each processor stores in a storage device a 
user identifier code, and addresses for blocks of data which are 
addressable by a data device. The blocks of data are associated with 
the user identifier codes. A security record is stored in the storage
device. The security record is associated with a user identifier code.
The security record includes at least one other user identifier code.
The indicator and the associated user identifier code in the security 
record, in combination, specify additional access rights for the data 
device associated with the security record. 

The data access control circuit allows access to the blocks
of data associated with the user identifier code upon receipt of
an access request from a data device, and the user interface
transmits a request for access to additional blocks of data, the
data access control circuit subsequently referring to the security
record to determine which blocks of data may be accessed temporarily by
the data device.

ADVANTAGE - Achieves optimum advantages of strict access control
and maximum flexibility to provide for efficient management of
organisation.
Dwg. 2/2 

Title Terms: DATA; SECURE; OPERATE; MULTIPROCESSOR; SHARE; MEMORY; SYSTEM; 
SECURE; RECORD; ASSOCIATE; USER; IDENTIFY; CODE; SPECIFIED; ADD; ACCESS; 
DEVICE; ASSOCIATE; RECORD; ACCESS; CONTROL; CIRCUIT 



Derwent Class: T01 

International Patent Class (Main) : G06F-012/14 
File Segment: EPI 



14/5/45 (Item 33 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 

(c) 2003 Thomson Derwent. All rts. reserv.

009533980 **Image available** 

WPI Acc No: 1993-227521/199328 

XRPX Acc No: N93-174589 

Virus protection device for computers - uses identification means and 
identification unit to confirm user identity to control access to 
restricted areas of computer data and programs 

Patent Assignee: ONYX TECHNOLOGIES USA INC (ONYX-N) 

Inventor: KEDMI S Y; LENGER E D 

Number of Countries: 019 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

WO 9313477 A1 19930708 WO 92US11374 A 19921223 199328 B

Priority Applications (No Type Date) : US 91812733 A 19911223 
Cited Patents: US 4757533; US 5012514 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
WO 9313477 A1 32 G06F-009/06

Designated States (National) : CA JP KR 

Designated States (Regional): AT BE CH DE DK ES FR GB GR IE IT LU MC NL
PT SE

Abstract (Basic): WO 9313477 A 

The protection device (10) comprises a manager (40), a protected
area definition unit (42), and a command recognition unit (44).
The manager provides installation operations, and classification
and identification of system users. The definition unit defines a
protected area (30) and identifies files within the protected area. The
recognition unit recognizes when one of a predetermined set of commands
stored in a protected file allocation table (FAT) (32).

An identification means (46) is connected to an identification unit
(48) which compares the identification received to that expected for a
particular user and notifies the manager whether a match exists. Without
a match, access to the protected area (30) is denied. The definition
unit searches a FAT (24) provided by the CPU (14) for the sector of
disks where the selected files are stored.

ADVANTAGE - Provides protection against virus programs without
requiring knowledge of any virus programs.

ABSTRACT

PROBLEM TO BE SOLVED: To prevent a job from being discarded exceeding a 
charging limit by holding a charging limit value for a client and 
restricting the client to transmit a job according to the result of a 
decision on whether or not a charged amount corresponding to a job request 
from the client reaches the limit value. 

SOLUTION: A total management manager 410 holds an attribute table, a
subaddress, a service ID, a user authentication table, an access
control table, an event setting table, an event format table, an account
ID table, and a table of users allowed to charge respective account IDs on
a disk and totally manages the operation of a controller. Then the charging
limit value for the client is held and the client is restricted to send
the job according to whether or not the charged amount corresponding to
the job request from the client reaches the limit value.

COPYRIGHT: (C) 2000, JPO

ABSTRACT

PROBLEM TO BE SOLVED: To appropriately manage the access to service of 
a user even in the case of requiring the approval of another user at the 
time of utilizing the service. 



SOLUTION: This server 2 performs a log-in processing by using a user
identifier and a password sent from the client terminal 1 and a user
management file 202 provided in itself first. Then, service management is
performed by using a service provision request sent from the client
terminal 1 and a service management file 42 provided in itself. In the
case of judging that it is required to obtain the approval from the other
user at the time of providing the service, the approval is requested to the
client terminal 1 used by the user. In the case that a response to the
approval request is approval acceptance, a processing corresponding to the
service provision request is performed. In the case of approval denial, the
user who requests the service provision is informed of that effect.

ABSTRACT

PURPOSE : To enable high-level access control for WWW communication 
services intended for an unspecified number of users. 

CONSTITUTION: A client-side computer 101 and a server-side computer 102 are
connected by a network 103. The computer 101 issues an information
acquisition request to the computer 102 according to a URL from a
user and the 102 sends information in the information storage part 203
shown with the URL of the request to the 101. The service control part 401
of the 102 generates an interaction ID in the initial stage of access from
the user, registers it in an interaction storage part 405, and provides
information obtained by adding the interaction ID to the URL required for
next access for the user. The interaction ID is taken over by the URL
of the information acquisition request issued by the 101 and the 401 checks
the interaction ID sent from the 101 to perform the access control.

ABSTRACT

PURPOSE: To suppress as much as possible the amount of data to be 
transferred and the frequency of transfer between computers constituted on 
a distributed network and to improve response time by transferring data for 
the unit of a page including an access requested part corresponding to a 
file access request from a client computer. 

CONSTITUTION: When an 'on-demand page transfer request' is issued from
a client computer 20 to a server computer 10, an on-demand transfer
means 10b checks the file header of a real file store 11 and calculates the
storage position of the transfer requested page by referring to a page
managing part after the identity of the relevant file is confirmed. Next,
the access page number of an access control part is investigated and
when there is not the same page number as the transfer requested page
number, the transfer requested page number is set to the access page
number. Further, the identification number of the client computer 20 is
set to a client, and the file transfer of requested page data is executed
through a transmitting means 10a to the client computer 20.

ABSTRACT

PURPOSE: To improve serviceability, flexibility and efficiency by 
permitting a table access control function to refer to an information 
control table, collating it with user identification confirmation 
information and setting and executing an access confirmation mode. 

CONSTITUTION: When a network control processor 5 receives a network
information request given from a terminal equipment 3 if the general
user terminal equipment 3 calls a network control device 4 and obtains the
supply of network information resources, a user is identified by reception
data. If it is judged not to be a specified user 2, the processor 5 selects
a general user routine, gives a prescribed operation instruction to
respective programs, a related logical circuit and a storage device and
identifies a request content from reception data. When the processor 5
receives a hierarchy password transmitted from the specified user terminal
equipment 2, a password processing circuit 7 executes a confirmation
processing and gives hierarchy password confirmation corresponding to the
access information resources and access permission to an access
control circuit 8.

ABSTRACT

PURPOSE: To enable the access of a work station through a communication 
means from an optional place by comparing and collating inputted individual 
information with previously registered individual information and directly 
corresponding to an access request only when an accessing person is a 
registered individual person. 

CONSTITUTION: When the access request is received through the communication 
means such as a telephone, etc., the individual information such as an 
individual name and an individual ID number, etc., inputted from the 
accessing person through the communication means is recognized and the 
inputted individual information is compared and collated with previously
registered individual information to decide whether the accessing person is
a previously registered person or not. And when the accessing person is the
previously registered individual person, the incoming call is connected to
the work station main body so as to directly correspond to the access
request. Meanwhile, when the accessing person is the one other than the
previously registered person, the incoming call is once connected to a
telephone terminal and then connected to the work station main body so as
to deal with the access request by controlling the connection by an
operator at need.

File sharing system through network, acquires file from file server,
according to authorization of request, and transmits acquired file
to requested terminal

Abstract (Basic): JP 2002342144 A

NOVELTY - A server (2) manages the access control
information, based on an access request from a terminal (1). The
server acquires the file from a file server (3), and transmits to the
requested terminal, based on the authorization of request.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) File sharing program; and

(2) File delivery method.

USE - For sharing files through network. 

ADVANTAGE - Ensures high degree security, and realizes flexible
access control.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of
the file sharing system. (Drawing includes non-English language text).

Terminal (1) 

Server (2) 

File server (3)

Multi-level access control provision in shared computer window,
involves executing command in system, when received command from
remote user, directed towards local computer system, is passed
through filtering process

Abstract (Basic): WO 200190894 A2

NOVELTY - A command received from the remote user on the system is
directed towards the local computer system in order to operate the
system. When the command passes through the filtering process, the command
is executed on the system. The command is displayed on the shared window
on the system, so that the remote user can view the command.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) Computer readable storage medium storing program instruction; 

(b) Shared window provision apparatus 

USE - For providing multi-level access control in shared
computer window for remotely controlling computer system.

ADVANTAGE - Allows the user to easily control multi-level
access in computer system, thereby efficiency of the system is
improved.

DESCRIPTION OF DRAWING (S) - The figure shows the window for
allowing remote user.

Abstract (Basic): WO 200130009 A2

NOVELTY - Authorization of user command is validated and
internet access is inhibited by limiting bridging communication
between a pair of ports in response to the validated user command.
The communication is maintained with a remote device on a link via
one of ports using multiple communication protocol layers, when
bridging communication is inhibited.

USE - For use in secure internet compatible bidirectional 
communication device such as cable modem computer, TV, VCR, set top box 
or associated peripheral device. 

ADVANTAGE - Shields the consumer network services connected to the 
modem from exterior traffic. Also prevents unauthorized users from 
accessing the internet through modem. 

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart of the
method for inhibiting and unlocking internet access using cable modem.

Automatic computing resource management method in information handling
system, involves receiving requests from clients to access computing
resource and notifying users that requests have been processed

Abstract (Basic): US 6058426 A

NOVELTY - Computing resource management system has a distributed
access administration tool (DAAT) (104) which receives request
from client (112-112N) to access the computing resources, processes
them and sends the request to application agents (214-214N). The
application agents in turn process the request and send a return code
to DAAT, so that users are notified with the processing of resource
request.

DETAILED DESCRIPTION - The DAAT server receives one or more
requests from clients to access one or more computing resources. It
then checks one or more rules and tasks to determine the approvals
needed to be granted from the system of distributed computing
environment to grant access to a requested computing resource. After
obtaining the approval, the DAAT sends one or more requests to the
application agents through the master objects (114). The application
agents in turn process the request and send a return code to DAAT. On
receiving the return code, the DAAT checks one or more rules to
determine whether notifications are to be sent to appropriate persons.
Then, the DAAT sends notification to users that their requests have
been processed. INDEPENDENT CLAIMS are also included for the following:

(a) resources managing program; 

(b) apparatus for managing resource in distributed computing 
environment 

USE - Used in large and small business organizations using LAN for 
managing system resources. 

ADVANTAGE - Efficiently manages and allocates resources in
information handling system. Allows users to request and obtain access
to all needed resources in one place. Resource allocation and use may
be easily tracked, and hence user authorizations are easily
revalidated or canceled at same time, thus maintaining high level of
security.

DESCRIPTION OF DRAWING (S) - The figure illustrates the automatic 
computing resource management method. 

Distributed access administration tool (104)
Clients (112-112N)
Master objects (114)
Application agent (214-214N)

Abstract (Basic): JP 2000047997 A

NOVELTY - A right-to-access limit enquiry unit which performs
an enquiry to the agent authentication server (120) is provided in each
agent system (100) to check the authority of agent operation. The
server is provided with a right-to-access limit inspection which
judges whether access is legitimate when the right-to-access limit
opposing to an agent is maintained and there is an enquiry.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
the following: 

(a) a mobile type agent management control procedure; 

(b) and a distributed component computer system. 
USE - Mobile type agent system. 

ADVANTAGE - Allows user's authority to an agent to be
maintained. Prevents tapping and alteration during moving of agent.
Achieves security, authentication, and improvement of access control.

DESCRIPTION OF DRAWING (S) - The figure is a block diagram showing 
the components of a multiple agent system which consists of multiple 
agent, and distributed component computer system which consists of an 
agent authentication server. 



Agent system (100) 

Agent authentication server (120)

Abstract (Basic): WO 9938080 A1

NOVELTY - A receiving terminal receives a user request for
data and encrypts an identifier using a first code and a data access
request using a second code. The two encrypted items are passed to a
first database which decodes the identifier and determines whether the
user has authorization to request the desired data. If authorized,
the first database then retrieves an associated access level and
internal identifier and forwards these with the still encrypted data
access request to a second, separate database which retrieves the
requested data.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for a 
system for managing sensitive data. 

USE - Storing highly sensitive data securely. 
ADVANTAGE - Prevents System Administrators from accessing 
sensitive information by restricting their access to the first 
database.

WWW gateway system for computer, network - has user management
communication unit to communicate with user management control unit
which forwards detection request from WWW gateway main body to

Abstract (Basic): JP 9265443 A

The system (7) has a user authentication information table (19)
which matches and user authentication information input by a client
with a user authentication identifier. The user authentication
information is supplied based on a user authentication request. The
user authentication information is detected based on detection request.
A user authentication information management unit (17) deletes the
authentication information which controls the access time for every
user. An existing system enquiry unit (18) receives the user
authentication information from the management unit. A WWW gateway
communication unit (15) communicates with a WWW network. A user
authentication request is sent to the existing system inquiry unit
based on the user authentication information registration request
received from the WWW gateway main body through the communication unit.
The authentication information identifier acquires the
authentication registration request for the management unit.

The authentication information request received from the network
through the communication unit is forwarded to the management. A user
management controller (13) forwards the deletion request received from
the main body through the communication unit according to a
communication break request from the user, to the management unit.
A user management communication unit (14) communicates with the user
management control unit for informing deletion request.

ADVANTAGE - Improves security of user authentication information.

and access classification, corresponding to protocol

Abstract (Basic): JP 9258932 A

The apparatus includes a job receptionist unit (1) which
receives the printing request from a user. The user's name and his
name identifier are extracted by a name and name identifier
acquisition unit (2) from the printing request. An access
control table (3) is provided, which previously registers some
pre-known person's name, their name identifier and their corresponding 
printing access classification. A name judging unit (5) and name 
identifier judging unit (4) are provided, which judge the respective 
extracted name of user and the name identifier are already 
registered in the access control table. When the extracted name and 
the name identifier are judged to be not registered in the table, the 
received printing request is rejected. 

When the name and the name identifier are judged to be registered 
in the memory, an authority judging unit (6) judges whether the access 
classification of the received printing request, matches with the 
corresponding access classification registered in the access
control table. When the concurrence of the access classification is
judged, the access of printing request is approved.

ADVANTAGE - Enables to receive printing request from user with few
protocols. Enables free control of printing access.

ACPs are programs that encode arbitrary specifications of delegated
access rights. A client creates an ACP and associates it with a
request to a server, the request being made through one or more
intermediaries.

When processing a request received from an intermediary, the
server executes the access control program to determine whether or
not to grant the request.

USE /ADVANTAGE - In computing system comprising server, client,
and intermediary, to process ultimate request delivered to server
as final request in chain comprising linked requests, client and
all intermediaries each being associated with one linked request of
chain, intermediary that delivers ultimate request to server
being final intermediary in chain and being designated as requestor.

Self-modifying access code for altering capabilities - has secure
function transmitter controlling remote computer system, while
secure control generator creates unique access number PIN

The system includes a locally accessed computer system, a secure
remote access number generator for generating an access number for
selectively transmitting the access number to the locally accessed
computer system, a local secure access control within the locally
accessed computer system.

The system also incorporates a data link for transmitting the 
access number along with a unique entered personal identification 
number of altering parameters of the locally accessed computer system 
after the locally accessed computer system has been accessed by a 
transmission from the secure remote access number generator, and a 
device within the locally accessed computer system for comparing the 
entered personal identification number to the access number a 
predetermined number of times. 

USE /ADVANTAGE - For gaining access to automated tellers and
security areas with verification of authorisation. Permits selected
users to access and manipulate partic files or which enable of disable
of electronic system and being capable for selective modifications
without physical and mechanical manipulations.

Dwg. 4/12

Title Terms: SELF; MODIFIED; ACCESS; CODE; ALTER; CAPABLE; SECURE; FUNCTION;
TRANSMIT; CONTROL; REMOTE; COMPUTER; SYSTEM; SECURE; CONTROL; GENERATOR;
UNIQUE; ACCESS; NUMBER; PIN

Index Terms/Additional Words: PERSONAL; IDENTIFICATION; NUMBER 

Derwent Class: T01; W01 

International Patent Class (Main) : H04L-009/32 
International Patent Class (Additional) : G06F-012/14 
File Segment: EPI 



20/5/45 (Item 33 from file: 350) 

DIALOG (R) File 350:Derwent WPIX

(c) 2003 Thomson Derwent. All rts. reserv.

009830341 **Image available**

WPI Acc No: 1994-160255/199420

XRPX Acc No: N94-126059

access to system resources, sending authorisation token, and copy of
authorisation to IOP connection manager, requesting connection with
manager, validating authorisation copy, establishing connection between
IOPs

The method comprises the steps of requesting access to system
resources using a connection manager residing on an IOP (120). An
authorisation token is sent to a second IOP connection manager residing 
in a second IOP. A copy of this token is sent from the system 
authoriser as part of a second message transmitted on the bus (115). 

A connection with the first IOP connection manager is requested via 
a third message contg. the token copy transmitted via the bus. The copy 
of the token is validated by the second IOP connection manager and a 
connection is established between the first and the second IOPs across 
the bus based on the outcome of the validation. 

ADVANTAGE - Provides enhanced method and appts. for communicating
data among components of computer system and for authorising
connections among IOPs of computer system.

base manager

Patent Assignee: APPLE COMPUTER INC (APPY)

Inventor: DIRKS P W; KENYON L A; SIDHU G S 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

CA 1316610 C 19930420 CA 587989 A 19890111 199321 B 



Priority Applications (No Type Date): US 88146568 A 19880121 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
CA 1316610 C 39 G06F-015/16 



Abstract (Basic): CA 1316610 C 

In a process where data is stored on a shared network memory device 
coupled to a number of user computers and having a network file server 
control program, the method of accessing certain shared information
regarding the data stored on the shared network memory device such that 
none of the user computers can directly manipulate the certain shared 
information, involves organising a shared network desk top. 

A network desk top access protocol which conveys information about 
both the accessing user computer and the desk top function requested is 
implemented. A shared network desk top data base manager is then 
implemented for receiving messages of the network desk top access 
protocol from the user computer such that the instructions comprising 
the messages are executed by accessing the shared network desk top on 
the shared network memory device in a predetermined manner. 

USE /ADVANTAGE - For managing various file's desk top information
stored in shared desk top subject to access privileges of users.

Abstract (Basic): WO 9016126 A

The controller suspends data communication between devices until 
the identity of the user has been satisfactorily verified. Instead 
of using conventional passwords, the user is prompted for 
identification data consisting of returned voice transmissions over a 
telephone line. 

Voice processing techniques are then applied to ascertain that the 
user's characteristics match previously supplied data. If the match is 
positive computer communication is established via a matrix switch
controller, allowing either initial access or access to more
secure data levels.

ADVANTAGE - Provides additional protection against unauthorised

Abstract: As the use of information technology is increasing rapidly in
organizations around the world, an important task is to design global 
networks with high security, efficiency and functionality. While 
centralized systems have the advantages of simplified management, they 
face the problems of bottleneck and single point of failure. In this paper, 
we propose a new authorization scheme that operates over existing 
centralized authentication mechanisms. The goal is to enhance the 
performance and scalability in a centrally administered security 
architecture. A new technique of using one-shot authorization tokens is 
introduced. It facilitates a mechanism for updating or revocation of the 
access rights of users in online or off-line authorization models. A 
smart card is used as an authorization device in addition to its 
traditional function of user authentication. This scheme provides the 
mobility for users and the flexibility in coping with different access 
control policies in a cross domain multi-application environment. 19
Refs.

Abstract: The author argues that a university computing environment must
rely on some degree of secure operation and that a minimum of the following
security entities are required to provide secure access to authentication
requests: node-to-node line verification (caller's node number); the
connected device (hardware ID) and user's identification
(user-name/password) must be compared against access control information,
and a security layer that establishes procedures between host and network
such as routing of data (access-path), node information, and user's
authentication. 4 refs.

Service organizations require information in order to provide services
(Bowen, 1986; Mills & Margulies, 1980). Clients are the source of that
information, resulting in interaction between clients and service 
organizations to exchange information and complete the service process. 
Interaction with clients results in uncertainty for service organizations; 
uncertainty about whether clients will be disruptive, whether clients will 
have necessary information, and whether clients will be able to perform a 
required role in the service process. Service organizations respond by 
using control mechanisms to channel client behavior and direct the 
information exchange. Client control mechanisms vary across service 
organizations. The purpose of this study was to identify the determinants 
of client control mechanisms. 

It was hypothesized that characteristics of interaction (response 
function and client status) and information (information clarity and 
technical expertise) would be related to seven client control mechanisms 
(regulative rules, operative rules, centralization, organizational
supervision, implicit and explicit physical setting, and social controls).
The research was conducted in 57 units of service organizations. One
manager from each unit was personally interviewed with a structured
questionnaire. Three employees of each unit completed a self-administered
questionnaire. Each questionnaire addressed characteristics of service
operations and clients. Findings indicated that the degree of ambiguity of
information exchanged was related to controls limiting access, to
controls requiring client identification, to control through the
implicit physical setting, and to less use of operative rules. The degree
of standardization of information being exchanged was related to operative
rules; the average length of employee education was related to client
orientation and education programs. Characteristics of interaction were not
associated with client controls.

The results indicate that service organizations are information 
processing entities and mechanisms used to control client actions are 
related to characteristics of information being exchanged. When information 
cannot be clearly specified, controls are used which are vague and 
ambiguous, such as the interior design of an operation. When information is 
specific and known, rules and procedures can be used to direct client 
behavior and interaction. The degree of ambiguity in the
organization-client relationship is related to the degree of ambiguity in
client controls.

An improved method of executing a plurality of computer application
programs on a multicomputer is disclosed. The present invention pertains to 
a task scheduling system in a multicomputer having nodes arranged in a 
network. The present invention comprises an allocator and scheduler 
component, which comprises processing logic and data for implementing the 
task scheduler of the present invention. The allocator and scheduler
operates in conjunction with a partition to assign tasks to a plurality of 
nodes. A partition is an object comprising a plurality of items of 
information and optionally related processing functions for maintaining a 
logical environment for the execution of tasks of one or more application 
programs. Application programs are allowed to execute on one or more nodes 
of a partition. Moreover, a node may be assigned to more than one partition 
and more than one application program may be loaded on a single node. The 
allocator and scheduler provides allocator procedures used by 
application programs for identifying a node or group of nodes for 
inclusion in a partition. The allocator and scheduler also provides several 
data areas for the storage of information relevant to the allocation and 
scheduling of tasks. These data areas of the allocator and scheduler 
include a partition data area, an application data area, and a layer data 
area. This invention provides a means and method for hierarchically linking 
application programs, layers, and partitions together to provide an optimal 
execution environment for the execution of a plurality of tasks in a 
multicomputer. 
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: *■ v.^en: : Practical (P) 
Abstract: In this paper we provide a concurrency control and recovery 
(CCR) mechanism over cached LDAP objects. An LDAP server can be directly 
queried using system calls to retrieve data. Existing LDAP implementations 
do not provide CCR mechanisms. In such cases, it is up to the application 
to verify that accesses remain serialized. Our mechanism provides an 
independent layer over an existing LDAP server (Sun One Directory 
Server), which handles all user requests, serializes them based on 2 
Phase Locking and Timestamp Ordering mechanisms and provides XML-based 
logging for recovery management. Furthermore, while current LDAP servers 
only provide object-level locking, our scheme serializes transactions on 
individual attributes of LDAP objects (attribute-level locking). We 
have developed a Directory Enabled Network (DEN) Simulator that operates on 
a subset of directory objects on an existing LDAP server to test the 
proposed mechanism. We perform experiments to show that our mechanism can 
gracefully address concurrency and recovery related issues over an LDAP 
server. (14 Refs) 
Subfile: C 

Descriptors: cache storage; concurrency control; distributed object 
management; hypermedia markup languages; object-oriented databases; 
protocols; query processing; telecommunication network management; 
transaction processing 

Identifiers: lightweight directory access protocol; cached LDAP objects; 
LDAP server; querying; system calls; independent layer; Sun One Directory 
Server; 2 Phase Locking and Timestamp Ordering mechanisms; XML-based 
logging; object-level locking; transaction serializing; Directory Enabled 
Network Simulator; concurrency control and recovery; CCR mechanism 

Class Codes: C5640 (Protocols); C6160J (Object-oriented databases); 
C6150N (Distributed systems software); C6160B (Distributed databases) 

Copyright 2003, IEE 



11/5/6 (Item 1 from file: 94) 

DIALOG (R) File 94 : JICST-EPlus 

(c)2003 Japan Science and Tech Corp(JST). All rts. reserv. 

05313187 JICST ACCESSION NUMBER: 03A0016289 FILE SEGMENT: JICST-E 

Study on Applying Active Monitor and Control to Access . 

UCHIYAMA KAZUO (1); IWAI YASUKO (1); ONISHI YASUFUMI (1) 

(1) Japan Def. Agency, Tech. Res. and Dev. Inst. 2nd. Res., JPN 

Boeicho Gijutsu Kenkyu Honbu Giho (Technical Report. Technical Research and 

Development Institute, Japan Defense Agency), 2002, NO. 6780, PAGE . 15P, 

FIG. 5, REF.5 
JOURNAL NUMBER: G0429AAR ISSN NO: 0916-2852 
UNIVERSAL DECIMAL CLASSIFICATION: 681.3:002 681.3.02-759 
LANGUAGE: Japanese COUNTRY OF PUBLICATION: Japan 

DOCUMENT TYPE: Journal 
ARTICLE TYPE: Original paper 
MEDIA TYPE: Printed Publication 

ABSTRACT: This paper describes the system which monitor and control 
access positively. Usual countermeasures for illegal access to server, 
DoS (Denial of Service) etc. are fire wall and IDS (Intrusion Detection 
System). However, these methods are "passive", because they are only to 
do halt access by changing set up of F/W or warning display. This 
"passive" countermeasure is not solving the problem for illegal access 
fundamentally. In this study, we have developed the server system that 
identified "actively" to the access at first. The function for 
developed system is as follows. 1) The server has a function that it 
has right to admit access and also have countermeasure if user violate 
the rule. 2) To send monitor and control function which is possible 
to communicate between server and access user. 3) Check up whether 
user have a right of access to server or not. 4) Check up the status of 
access user and notify it to server. 5) By receiving notification, 
control access user. 6) Access monitor and control function is 
effective while user access to server. But if it is not function, the 
access will be shut off. 7) Sending key, which embed identification 
display to access node, trace route, can realize. The experiment for 
evaluates this "active monitor and control" server system has conduct 
on LAN. As the result, we have confirmed the effectiveness of our new 
approach and this system. (author abst.) 

DESCRIPTORS: active control; authentication; access control; monitoring 
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ABSTRACT: The writer discusses webrelay, a freely available multi-threaded 
HTTP relay server. Webrelay was designed to address the problem faced by 
legitimate users of a university library. When these users connected 
directly to the Internet from an off-campus IP address, the vendor web 
server typically rejected the access request. Webrelay authenticates 
clients to ensure they are legitimate users before connecting them to the 
vendor web server. The vendor's server subsequently identifies requests 
as coming from the relay server itself, which always has a valid IP 
address or campus-wide user identification. 
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ABSTRACT : With the growth in the scale of network technologies, security 
has become a major concern and a limiting factor. Computer networks 
provide convenient procedures for users operating at remote places. 
However, an intruder can easily access and intercept information 
transmitted in an open channel. Two integrated schemes for user 
authentication and access control are proposed, which are mechanisms 
used to provide for the protection of privacy and security in a distributed 
environment. One scheme is a dynamic approach which provides an efficient 
updating process for the modification of access rights. The second scheme 
allows servers to simplify verification processes for multiple access 
requests of a user at the same time. Both schemes are noninteractive 
approaches in which security is based on the computational difficulty of 
solving the discrete logarithm problem. Compared with other schemes 
proposed previously, the schemes are more secure and efficient and suitable 
for applications in a distributed environment. Intruders cannot derive 
secret information from public information. Intruders are not able to 
acquire the passwords of users from previously intercepted messages. By 
applying a time stamp, the schemes can withstand the replaying attack. 
Reprinted by permission of the publisher. 
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Rennhackkamp, Martin 
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Dec, 1998 
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; Abstract 
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specified per user. The DB2 for Windows NT security model uses the 
Windows NT Security Access Management (SAM) database to obtain user and 
group information, user name authorization , and user name-password 
validation. On Windows 95, all users are assumed to have administrator 
authority, therefore... 

...configure backups, log dumps, and more, and configure those operations 
for multiple databases as multi- server jobs . Those plans will be 
downloaded and applied to the mobile databases when they connect. 
Oracle Lite can perform online backups... 
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. . . Internet Mail Extension (MIME) gateway. This lets your GroupWise 

system communicate with any other SMTP server on the Internet. You can 
send and receive attachments, tasks , schedules, appointments, e-mail, 
and calendar items over any TCP/IP or Unix network. Using... 

...is tightly integrated with Novell Directory Services (NDS) , and takes 
advantage of the centralized user management and access control . 
Management chores are handled by a 32-bit snap-in to the Windows-based 
NWADMIN utility. . . 

...point of management, you can define all aspects of GroupWise from 
post-office name to user access rights . You can also monitor GroupWise 
via SNMP agents in ManageWise or in HP's OpenView. . . 
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Delphi's 32 -bit version: does OLE automation, (using Borland's Delphi for 

Windows 95 1.5 to create applications that access SQL Server 6.0 
functions) (Delphi Expert) (Technology Tutorial) 

Rajan, Sundar 

Data Based Advisor, v14, n2, p108(7) 
Feb, 1996 
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RECORD TYPE: Fulltext; Abstract 



... OLE Automation is useful, but what's more exciting is using OLE 
Automation for database access and administration. SQL Data Management 
Objects in Microsoft SQL Server 6.0 let developers access many of SQL 
Server's... 

...Database Administration functions and tasks be automated by Delphi 
programs, instead of TRANSACT SQL stored procedures and batch files. * It 
provides direct access to SQL Server properties, such as login 
time-out or process ID, that are otherwise possible only through... 

...and Collections. The database object contains a collection of table, 
view, and stored procedure objects. Individual objects have properties 
(attributes: SQLServer.Name = "MADRAS") and methods (actions: 
SQLServer.Connect or SQLServer.Shutdown). 
A major bonus of... 
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... program and service client requests. Hewlett-Packard calls them 

Manager Objects, each has its own identifier . Client access Manager 
Objects via proxy Client Objects, which are based on the Interface 
Definition Language Application Programming... 

...classes and objects in OODCE/9000, including those for implementing 
Manager Class functionality and writing Server Main function and 
client programs without dealing directly with the Distributed Computing 
Environment Application Programming Interfaces. Hewlett-Packard says the 
combination of these... 
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Object-oriented Archive. (Johnson Computer Software Team Ltd. f s document 
management software, version 3.0) (Product Watch) (Product Announcement) 

Wright, Lonni 
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DOCUMENT TYPE: Product Announcement ISSN: 0896-145X LANGUAGE: 

ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 
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documents to be designated private or public. Private documents are 
known only to their owners. Access to public documents can be restricted 

both in terms of privilege (list, copy, edit, take out) and the personnel 
to whom. . . 

...provides centralized control of workgroup setups. The system 
administrator can disable or reassign the access rights of any user. 
Work stored with Archive is automatically transferred to the server where 
it's subject to... 

...to be an expert on the DOS file system to use Archive. All aspects of 
client-server communication, logon procedures and modem operations 
are totally automated and completely transparent. 
"The nicest thing about Archive is... 
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... will cost between $30 and $50 per site, according to Novell. 

The tools afford Mac users rights and services similar to those 
available to DOS and Windows NetWare clients. To accomplish this... 

...to services beyond those allowed by AFP, including: 

> Rights and attributes. While NetWare administrators assign users' 
overall rights, the new utility lets authorized users see their rights, 
see users with similar rights, and assign or remove trustees' rights 

> User and group setup. Mac clients can add or delete users, set up 
groups, and assign or change passwords. 

> Print queue access . Authorized users can manage NetWare's print 
queues to schedule, hold or halt print jobs sent from any client to 
any network printer. 

> Simple messaging. This feature lets users locate others on the 
NetWare . . . 
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Tower Lane, 18th Floor, Foster City, CA 94404. 
COMMUNICATIONS 
* CONNECTIVITY 
AlisaTalk 3 

AlisaTalk, a file server for networked Macs, provides numerous 
features for VAX, DOS, and Mac interoperability. Slow for AFP file sharing 
and requires ... groupware" product for the Mac. As with multiuser databases, 
Aspects provides several users with simultaneous access to multiple 
documents ( limited by available RAM) . Word-processing, drawing, and 
painting modes are provided, but there are no. . . 
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POWERlan. (Software Review) (one of 14 evaluations of DOS-based local area 
networks) (evaluation) 

Maxwell, Kimberly 
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... loss of some capabilities.) Security measures include creating user 

log-on files and setting up user access and privileges . You can 
limit the number of allowed log-on attempts to discourage would-be 
intruders who try to. . . 

...and possible shutdown. 

If you want to set up printers or use the Navigate resource- 
management program, you can access these utilities through PLADMIN's 
main menu. The PLQ utility lets you control print jobs... 

...at various print servers, and manipulate print-job and unspooler queues. 
Instead of submitting print jobs to specific printers, users send them 
to a server with a print profile that contains a set of printing 
attributes, such as a laser. . . 
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... movement of approved standards between the two databases. 

Configuration management is a function that provides control over 
the access of documents in SAD and AD. Six different review steps are 
supported which involve development and release of standards. 

Authoring is a function that provides a intelligent workstation 
based environment to create, edit and tag standards. The authors have 
access to the SGML... 

...company's network. The tiered architecture allows accuracy of 
information by linking each user's workstation to the Sole Authority 
Database. The Decentralized Distribution Control function operates on the 
pull system principle. Upon revision of... 
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and above . 

Methods of backup: full, directory, date, modified files, file-by- 
file, wild card, attribute . 

Verification: user controlled and automatic, backup can be 



interrupted and resumed later. 

Methods of restore: full, directory... 

...3.0 and above . 

Methods of backup: full, directory, date, modified files, file-by- 
file, access date. 

Verification: user controlled . 

Methods of restore: full, directory , date, file-by-file. 
Archiving function : yes . 

Other features: automatic formatting, server -based, backup Mac 
files, SCSI and QIC. 02 boards available (?) . 
Price: $1,195 (286); $1... 
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Output file. ) 
NETWORKING 

For LANBatch to run on the network, the network administrator must 
create user ID called Batch. This ID is treated just like any other 
user ID , and it is subject to access rights and restrictions . The 
software will run only on a machine that is logged on as Batch. You must 
give the Batch user ID enough rights to access any of the directories 
and the peripherals. By doing so, you also give... 

...If security is not a big concern, the best thing to do is assign 
supervisor rights to the Batch user . Under NetWare, you could use the 
SysCon facility to create a special group defining the people who can use 
Batch. When the batch server processes a job, it uses the directory 
of the person who submitted the file as the current directory. This 
prevents someone from. . . 
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necessary functions performed by system SUID programs and then 
write alternate "servers" to perform these tasks . System programs were 
rewritten to communicate with the appropriate server whenever a user 
required a privileged action. Needless to say, every time yet another 
system command was added to the system. . . 

. . .This problem has been fixed in some secure versions of UNIX through the 
use of access control lists (ACLs), which simply store additional 
information along with the file to specify access on... 
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... If it is lost, no amount of money is going to bring it back." 

* Computer access. Management must analyze and assess employees' 
responsibilities, and determine the information that they should get in... 

...an employee to log on to the system using a correct password and use the 
computer for routine tasks . You would not provide that employee with 
a password to access DOS commands, however, because one of those commands 

...To enable a company to set up its own security hierarchy, where certain 
groups have access to certain programs at management's behest, Tower 
Systems, Costa Mesa, CA, provides Surveillance software. This system 
protects the IBM 3270 environment. Says Steve Lefler, product manager, "A 
way to prevent unauthorized access to information is to have a separation 
of responsibilities. In this way, no one person... 

. . .person in the cluster has access to information in that particular file 
only. Yet, certain individuals can have access to higher levels of 
information within the file, being provided with a password from the 
security administrator. Common... 
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... NT security model, ensuring safe and secure sharing of information. 

* Easy to manage and control. User Profiles and System Policies 
allow system administrators to manage user desktops easily, including the 
ability to control access to the network and desktop resources as well 
as support for users roaming between multiple. . . 

...of the Designed for Windows 95 logo and signifies to customers that the 
products they acquire function on Windows NT Workstation 4 . 0 and 
Windows 95, and offer the benefits of 32-bit systems when they. . . 
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METZ Phones Legal Edition for Windows 95/ NT 

METZ Phones Legal Edition simplifies the task of maintaining a law 
firm directory by keeping shared client information current. It 
provides fast and easy access to centralized databases of common telephone 
and. . . 

. . .Administrator. METZ Phones Administrator, a powerful addition to METZ 
Phones Legal Edition, lets network administrators manage and control 
access to address and telephone databases by granting access rights to 
each user . Access rights are defined by file, group and/or user level. 
Grouping users together lets the administrator... 
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the-blank screen forms. On-line help information is also available. 

The system stores lab procedures and other operations information 
directly on the computer, eliminating the need to maintain hardcopy 
records. 

Add 2-2-2-2 
CAST /VAX can. 

...calculations, allowing maintenance of tight 
specification standards. A built-in security feature discriminates 
between different user levels, allowing lower-level users access to 
limited information, while allowing higher-level users access to a 
full range of capabilities. 

Further information is available from Applied Research Laboratories, 
24911. . . 
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December 29, 1986 



TONE SOFTWARE CORPORATION announces the availability of a new 
product, the TSO ACCESS MANAGER (TAM). TAM becomes the third member 
of the recently announced Tone Operations Productivity Software 
family... 

...specifically to enhance the efficiency and effectiveness of the data 
processing operations organization. 

The TSO ACCESS MANAGER is the first product available which permits 
an installation to actually schedule TSO user sessions. TAM enables 
TSO access to be governed based on installation defined criteria. 

Access to TSO can be restricted based on the day of the week, the 
time of the day, the TSO Logon Procedure name, the terminal id of the 
VTAM terminal in use, the TSO userid, or any combination of these 
criteria. 

Once a user has obtained TSO access, further controls permit the 
installation to limit the length of a user session, and to cancel or 



...additional security in the event 
that the user logs on and walks away from the terminal. A user 
command is also provided to manually perform the locking function. 

The TSO ACCESS MANAGER permits users to be placed into groups for 
purposes of defining TSO access. Once grouped, the Operations Manager 
can guarantee a specific number of TSO sessions within the group at 
any time throughout... 
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887-3729 

FOR IMMEDIATE RELEASE: 

NEW SECURITY AND ACCESS SYSTEM 
FOR UP TO 256 REMOTE CONTROLLERS 

New security and access control system, DCS-1000 from Cardware, Inc., 
has SDLC/SNA Local Area Network subsystem allowing up... 

...within restricted areas of 
company. Upon verification of ID number, personal identification 
number (PIN), and security level, user is allowed to access. 
Simultaneously, main controller records time, ID number and door 
number. Access control permits entrance to all areas card-holder is 
allowed access. 

Job costing and attendance options can be used in combination with 
security and access controls. The user can assign a job costing 
option to the main controller for purpose of... 

...with an RS-232 serial 

interface port. Menu-driven software package is available to perform 
communication function between main controller and host computer 

The DCS-1000 is now available for the OEM market. 

Cardware, Inc. 7252 Remmet Ave. . . 
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TEXT: 

...base which ranges from secure ID cards for authorising financial and 
banking transactions, to ID, access control and membership cards for 
commercial and government applications. It also includes a switchable power 
supply. . . 

...token. Once the layout is ready, card production can begin straight 
away. The built-in computer handles all the data acquisition and code 
generation tasks needed to produce individual, personalised cards, 
presenting two simple on-screen forms to obtain the... 

...each application. A range of complementary card readers and peripherals 
are available for Datastrip-based ID systems, which allow users to 
perform automated or manual checks, or both. The company offers a unique 
product for. . . 

14/3, K/20 (Item 2 from file: 636) 

DIALOG (R) File 636: Gale Group Newsletter DB(TM) 
(c) 2003 The Gale Group. All rts. reserv. 

03213654 Supplier Number: 46591782 (USE FORMAT 7 FOR FULLTEXT ) 
MICROSOFT RELEASES WINDOWS NT WORKSTATION 4.0 
PCNetter, v11, n8, pN/A 
August 1, 1996 

Language: English Record Type: Fulltext 
Document Type: Newsletter; Trade 
Word Count: 223 

* User Profiles and System Policies allow system administrators to 
manage user desktops, including the ability to control access to the 
network and desktop resources, as well as support for users roaming between 
multiple. . . 

...of the Designed for Windows 95 logo and signifies to customers that the 
products they acquire function on Windows NT Workstation 4.0 and 
Windows 95 and offer the benefits of 32-bit systems when they. . . 
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standards and procedures in the organization, such as a corporate 
information security policy and physical access control procedures. 
Determining risks 

Many practitioners of methods for the determination of information 
technology related risks... 

...cover risks related to all aspects of computer and information security, 
including hardware, software, data communication networks, personnel, 
documentation, procedures and computer environments. It should also 
cater for the interdependencies amongst those aspects. 

Risk assessment, risk analysis... 
...dimensional as well as a multi-disciplinary perspective. The 
multi-disciplinary concept stems from functional computer security 
levels (social, organizational, administrative, physical, logical, program 
logical) . The interrelationships between tasks within these functional 
security. . . 

...as identifying threats related to the physical computer room, and 
determining the cost of logical access controls ) constitute a 
multi-dimensional character. 

A risk analysis program should not be some arcane program. . . 
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... and processing capabilities. 

The LAN requester, database manager, and some communications manager 
functions now support user profile management — a feature that 
allows access to EE and LAN functions through a single user ID and 
password. 

Borland Sidekick for presentation manager will also be packaged with 
EE 1.2. . . 

. . .APPC) protocol for mapped conversation. Programmers now can choose the 
most effective location — host or workstation -- to execute the 
application function . 

Easel 1.1 also provides access to the OS/2 database manager . 
Frequently used data can be stored and retrieved at the workstation while 
allowing users to. . . 
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enables users to automatically receive documents of interest when 
they are posted to the repository. 

Access Control : Ensures that users gain access to only the 
information for which they are authorized. 

Display/Print: Provides end-user facilities... 

...end-user until its final delivery. Administrators can monitor the status 
of spooled print/output jobs and receive notification of changes in 
device status, errors, or completion of the output job. 

Fault-Tolerance: Enables automated recovery from output... 
...and notifying the end-user of its location. 

Security: Enforces corporate security policy, such as authorization 
of users to data and to output devices and encryption of data prior to 
transmission via the... 
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. . . appear" at the application function. 

From this point onward, the secure computer will be in control . It 
will permit or deny access only according to user profile information 
stored on the SIM and possibly following negotiation with other interested 
parties . 

The monitoring. . . 

. . .preventing unwanted transmissions or other behavior. It will be under 
the control of the secure computer and will provide a provable 
reporting function to the regulators. 

Along with its advantages, software-defined radio offers great 
challenges to designers... 
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2 LAN Server, Windows NT and MVS. 
The RAS Enterprise workflow process begins with a manager requesting 
access for an employee. The form is routed through administrators that 
grant or reject access. If... 



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./.system, issuing an alert and updating internal SQL databases with the 
true settings. 

Authenticating the User Identifying the actual user behind the 
computer , never an easy task , is getting harder. Station addresses are 
the worst method of identification, about as helpful as knowing what... 
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... 888 are: locational pricing; fixed transmission rights and 

transmission congestion contracts that give defined financial rights to 
grid users ; and explicit market-based pricing of congestion and ancillary 
services. In almost every instance we... of proof should face those who 
would charge balancing penalties in excess of costs, or restrict 
voluntary access to balancing services. 

FORCING INDIVIDUAL ACCOUNT BALANCING. The operator must maintain 
aggregate energy balance in... 

...particular combinations of transactions to remain balanced. Quite the 
contrary. Individual balancing requirements complicate the task for the 
operator. They provide a device to reinforce market power. That goes 
against the public interest. 

BARRING LEAST-COST DISPATCH. The... 
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... other benefit is that we don't have people crunching out sheet 

after sheet of individual profiles and development plans." 
How intranets can help 

While organisations such as the Marine Safety Agency. . . 

...clutters up most workplaces, intranets can speed up internal 
recruitment, according to James Garnett, commercial manager for IBM's HR 
Access , an integrated personnel and payroll system. People in some 
organisations, he says, can now apply directly for posts advertised on 
electronic bulletin boards and receive details about those jobs on 
their own computer screens . 

While Garnett stresses the benefits that intranets can bring to large 
organisations, Paul Wallace. . . 
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companies . 

Security techniques. A number of procedures can be implemented to 
increase security. These include employee photo identification cards, 
card access to controlled areas, visitor controls and log books, 
computer security procedures, and delivery/tradesmen controls and logs 
for individuals and vehicles. Records should be maintained for maintenance 
and. . . 
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efficient than sending over a bunch of dynamic SQL that has been 
built on the client ," Glover says. The stored procedures approach also 
provides a secure method of controlling data access by users. 

"We don't give any client the privileges to select data 
dynamically," Glover says. "You can run into trouble with client/server if 
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can also set permissions for individual users, but you must back up 
to the Access Profile window and pick User List. 

LAN Server's remote management is more limited than that of competing 
products. Anything. . . 

...does not include a built-in backup utility. You can back up LAN Server's 
Access Control Profile information but not the user data. But it has a 
utility to connect two... 
. . .the Net Accounts command. 

LAN Server offers five levels of network managers, based on 
administrative tasks: Administrator, Accounts Operator, Communications 
Operator, Print Operator, and Server Operator. An Administrator has 
control over the entire network, and Accounts Operators are limited to. . . 
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... an employee to log on to the system using a correct password and 

use the computer for routine tasks . You would not provide that 
employee with a password to access DOS commands, however, because one of 
those commands... 

...To enable a company to set up its own security hierarchy, where certain 
groups have access to certain programs at management's behest, Tower 
Systems, Costa Mesa, CA, provides Surveillance software. This system 
protects the IBM 3270 environment. Says Steve Lefler, product manager, "A 
way to prevent unauthorized access to information is to have a separation 
of responsibilities. In this way, no one person... 

. . .person in the cluster has access to information in that particular file 
only. Yet, certain individuals can have access to higher levels of 
information within the file, being provided with a password from the 
security administrator. Common... 
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BYLINE: 

By Paul M. Eng in New York 
TEXT: 

... do there. Companies have to ask themselves: "Does it really help you to 
do your job better?" says Daniel Shubert, director of the client/server 
technical-services group for Electronic Data Systems Corp. 

While companies clearly see a future for... 

...president of Bell Atlantic Corp.'s large business-services unit. "There 
are security issues, network-access issues, control issues." 

ONE BIG LAN. The good news is that these questions are being addressed. 
Novell . . . 

. . . that offers information on all resources on the network and keeps track 
of a network user's access rights to those resources - just like an 
internal corporate LAN. Others are also working on providing... 
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...TEXT: turn off all privileges at the Everyone level (thus disallowing 
guest access), turn on all privileges at the User /Group and the Owner 
levels, set the User/Group to Print Server Clients, and turn... 

... the option "Can't be moved, renamed or deleted." For examples of the 
Users & Groups control panel and the access privileges window of the 
PrintMonitor Documents folder, see "Print-Server Setup." 

On each client Mac... 

...paste the icon into the Get Info window of the alias. From now on, the 
client will automatically forward print jobs to the server . 

Milo Sharp Fairbanks, Alaska 

If the print server is not available (for example, if it... 
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ASP server to offer multiple printer links 

Burns, Christine 

Network World v10n46 PP: 25, 30 Nov 15, 1993 
ISSN: 0887-7661 JRNL CODE: NWW 
WORD COUNT: 464 

...TEXT: number of security and systems administration features. The print 
server uses Novell's password encryption-level security for user 
access. It protects an administrator's rights, as well, via a supervisor 
authentication feature that limits access to the JetLAN 4P print server 
controls. 

The JetLAN 4P offers a host of systems... 

. . . jobs to the JetLAN 4P goes down, then network clients using a 
peer-to-peer function of the JetLAN 4P can send important print jobs 
directly to the print server . 

A network administrator can invoke an initializing utility that lets the 
JetLAN 4P search the... 
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Defining software -radio regulations 

JOHN SPICER, Senior Consultant, Roke Manor Research Ltd. Romsey, U.K. 

ELECTRONIC ENGINEERING TIMES, 1999, n 1074, PG70 

PUBLICATION DATE: 990816 

JOURNAL CODE: EET LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: COMMUNICATIONS: FOCUS - SOFTWARE RADIO /UNIVERSAL RF 
WORD COUNT: 988 



appear" at the application function. 

From this point onward, the secure computer will be in control . It 
will permit or deny access only according to user profile information 
stored on the SIM and possibly following negotiation with other interested 
parties . 

The monitoring. . . 

...preventing unwanted transmissions or other behavior. It will be under 
the control of the secure computer and will provide a provable 
reporting function to the regulators. 

Along with its advantages, software-defined radio offers great 
challenges to designers... 
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01169980 CMP ACCESSION NUMBER: NWC19980815S0013 
Basking in Glory - Is SNMPv3 worthy of all the fanfare? 

Dan Backman 

NETWORK COMPUTING, 1998, n 915, PG40 
PUBLICATION DATE: 980815 

JOURNAL CODE: NWC LANGUAGE: English 

RECORD TYPE: Fulltext 
SECTION HEADING: Features 
WORD COUNT: 2580 

2274 and 2275 suggest using the USM (User-based Security Model) 
and VACM (Views-based Access Control Model) as the reference security 
system. This allows vendors to support secure SNMP today while... 

...from the user's passphrase). This, in turn, enables individual SNMP 
agents to verify the identity of the user and authenticity of the 
data, as well as apply access-control rules to individual MIB objects 
based on the user name generating the SNMP request. 

Note that the USM specifies only authentication and encryption 
functions - access-control rules are handled by a separate module 
(defined as VACM in the SNMP reference standard). Under the USM, the 
identity of the person initiating all SNMP queries can be verified, and 
sensitive devices can keep audit logs tying. . . 

...transmissions using CBC/DES (Data Encryption Standard) encryption. This 
type of packet authentication guarantees the identity of the user who 
generated the SNMP request and generates a hash (HMAC-MD5) of the packet's 



...this as managing a network of Unix workstations by copying /etc/passwd 
files to each node. Luckily, SNMPv3 provides a way to perform this 
task easily and securely. In addition to specifying a security model, the 
USM specifies its own. . . 

...the agent is bootstrapped into the SNMP framework, any further updates 
to user database or access-control rules are simply propagated to all 
agents and managers. 

To make this work, all SNMP... 
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01101640 CMP ACCESSION NUMBER: WIN19960901S0127 

The new NT - Are you ready for NT 4.0? - Will NT become the world's most 

popular operating system? 
John Ruley 

WINDOWS MAGAZINE, 1996, n 709, PG170 
PUBLICATION DATE: 960901 

JOURNAL CODE: WIN LANGUAGE: English 

RECORD TYPE: Fulltext 
SECTION HEADING: Cover Story 
WORD COUNT: 3116 

... folder. A new System Policy Editor, compatible with both NT and 
Win95, replaces the old User Profile Editor from NT Server 3.x. Four 
additions in 4.0 include Administrative Wizards, the... 

...represent the most significant change. From an opening screen called 
Getting Started with Windows NT Server, the wizards provide simple 
step-by-step procedures for adding user accounts, managing 
administrative groups, controlling file/folder access, adding print 
drivers, adding and removing programs, installing modems, creating 
network client installation disk sets... 
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... applications to users, including X.400 message handling, an X.500 

directory service, file transfer access and management (FTAM) , 
document transfer , remote job entry and a virtual terminal service. 

The first of these will be X.400 (1984 specification) and FTAM. 

Proposals Heard. . . 

. . .possible keyword attributes, ranging from country and service 
identifiers to the addressee's nickname and terminal identifier . 

To list all these on a business card, for example, would take up 
most of . . . 
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RECORD TYPE: Fulltext 
SECTION HEADING: Logging On 

TEXT: 

... Unix client's own /etc/passwd entries have to be set up with the 

same user ID and group ID numbers as ...functions. In addition, 
with the TCP/ IP Support Program offering, DOS clients on Ethernet can 
access these same LAN Manager services over a TCP/IP transport. AT&T 



remarkets FTP Software's TCP/IP for... server can access the full-screen 
SYSADM menu utility, which is required for many additional server 
configuration and maintenance tasks . The server console SYSADM utility 

provides only the more difficult command line NET ADMIN interface. Even 
with most administration of DOS. . . 

...the documentation's insistence to the contrary, Macintosh and DOS users 
cannot share a single user ID in both environments when centralized 
logon service is enabled. The "Use Script" check box must . . . SAA gateway 
later this year. Advanced emulation features available on Macs include 
support of most terminal types and extended attributes , with easy-to- 
use font sizing, keyboard remapping and window management, and even simple 
macro. . . 
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We know who you are 

Different approaches to network authentication give you plenty of ways to 
prove yourself, but The National Registry's SAF/nt tops our test 
thanks to tight ties with Windows NT. 

Byline: John C.C. Duksta 

Journal: Network World Page Number: 35 

Publication Date: August 24, 1998 
Word Count: 2763 Line Count: 252 

Text: 

. . . was originally developed by ITT Industries for the National Security 
Agency for use in computer access control applications. SpeakerKey uses 
speaker-independent digit recognition in the form of pseudo-random number 
doublets... user is logged on. The workstation install was as easy as it was 
on the server side. The installation procedure installs a service that 

communicates with the Touchstone device and the Mytec GINA. The only 
real drawback with Touchstone is the high price. At... the authentication 
logs, including the images captured (see Figure 2), and add images to a 
user's profile. Fortunately, in Version 2.0, TrueFace can pull user 
data out of the NT Security... 

...users to the NT domain. You'll still be adding a lot of images to user 
profiles while you deploy the product; until you get the right mix of 
images for the... 
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Buyer's Guide: Web server market springs to life 
Buyer's guide 

Now that there are plenty of products to choose from, your biggest 
challenge is keeping pace with the changes. 

Byline: Edwin E. Mier 

Journal: Network World Page Number: 61 

Publication Date: March 25, 1996 

Word Count: 2340 Line Count: 210 

Text : 

. . . which is the server portion of the client/server protocol used on the 
Web. The server's sole job is to deliver HTML files - or Web pages - 
in response to requests from HTML-compatible Web browsers. A... access 
especially useful. This is a real advantage for Frontier's product, which 
supports four levels of administrative access. The person given the 
highest level of access can tap into all portions of the server and 
files. Subordinate levels can be set up to limit access to specific 
files, so different users can access and update their own Web pages, but... 

... Some products rely on the underlying hardware platform and operating 
system to enable administrators to access and control the Web server. 
Depending on the platform, a local console may be the only option. For 
maximum flexibility, though, users should look for products that support 
management access via different paths. Common access methods include 
in-band management over the server's main LAN interface and out-of-band 
via a serial port . . . 



14/3, K/42 (Item 3 from file: 674) 

DIALOG (R) File 674: Computer News Fulltext 

(c) 2003 IDG Communications. All rts. reserv. 

045983 

New NetWare client going mobile 

Byline: Kevin Fogarty 

Journal: Network World Page Number: 2 

Publication Date: August 07, 1995 
Word Count: 433 Line Count: 38 

Text : 

. . . business as if they were in the office, said Steve Tucker, vice 
president and general manager of Novell's Advanced Access Applications 
group. The client keeps track of server-based files that a user accesses 
frequently. . . 

...jobs to queues. When the client connects to the network, it synchronizes 
the local and server copies of the files and sends print jobs to a 
printer selected by the user. Users have to select a printer in their. . . 

... or absence of the network transparent." The client will also contain a 
facility that lets users create profiles, or sets of operating rules, 
for the different locales from which they work. For example, a user can 
establish the profile "hotel" that limits the amount of file 
synchronization traffic running across a costly dial-up. . . 
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Vendors ready for Windows 95 

Byline: Joanne Cummings 

Journal: Network World Page Number: 14 

Publication Date: June 19, 1995 
Word Count: 613 Line Count: 60 

Text: 

... communications services, into Windows 95's Network Neighborhood, 
enabling users to perform any Unix-based task directly from within the 
Windows 95 client. The Unix services appear as resources or objects that 
are available simply by clicking on. . . 

... log on to the net. The product also enables LAN administrators to build 
a security profile for one user - including all files, servers and 
directories to which they are allowed access - and then copy. . . 

...for other users. The software offers a number of customization features, 
including the ability to restrict user access to individual drives, 
partitions, directories or files, as well as the ability to specify 
different . . . 

... of those levels. Since protection is extended down to the AUTOEXEC.BAT 
and CONFIG.SYS levels, users cannot circumvent security by trying to 
boot up their machines from floppy disks, the firm said. StopLight 95... 
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Server gives user high-speed access to multiple printers 

Byline: Christine Burns 

Journal: Network World Page Number: LI 

Publication Date: November 15, 1993 
Word Count: 472 Line Count: 42 

Text: 

... print jobs on NetWare nets up to five times faster than Novell's own 
print server protocols do by themselves. Print jobs are transferred 
from the NetWare file server to the JetLAN 4P in large blocks of data to 
reduce net traffic. 
The JetLAN. . . 

...number of security and systems administration features. The print server 
uses Novell's password encryption-level security for user access. 
It protects an administrator's rights, as well, via a supervisor 
authentication feature that limits access to the JetLAN 4P print server 
controls. 

The JetLAN 4P offers a host of systems... 
. . . jobs to the JetLAN 4P goes down, then network clients using a 
peer-to-peer function of the JetLAN 4P can send important print jobs 
directly to the print server . 

A network administrator can invoke an initializing utility that lets 
the JetLAN 4P search the... 
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TECHNOLOGIC: New Wizard Included with Technologic 1 s Interceptor Firewall 
Appliance Reduces Installation Time to Less Than Half an Hour 

March 17, 1998 

Byline: Business Editors & Technology Writers 

...ensuring the end result is a properly configured 
firewall backed by a solid strategy for controlling access to 
corporate data. "The trend toward new 'plug-and-play' firewall 
appliances needs to go. . . 

...new wizard-driven Windows application comes on a CD-ROM that 
administrators access from their PC. The wizard provides guidance 
through set-up procedures, using interview-style questions answered 
from choices presented on-screen. Once the process is complete... 

...operation' solution. 

Security policies included as part of the set-up allow 
administrators to select privileges for users both inside and outside 
the firewall. Policy descriptions relate to common Internet 
activities, such as... 

...not only affordable and easy-to-use but also offers the 
encryption, authentication and user-access controls companies expect 
in robust firewall protection. The appliance includes RADAR (Remote 
Administration, Diagnostics and Reporting... 
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DA2EL CORP: Dazel announces industry 1 s first toolkit for integrating output 
management capabilities into client/server applications; Extended 
support to include Windows 95 and NT 

March 11, 1996 

Byline: Business Editors/Computer Writers 

. . . applications. 

With the DAZEL SDK, Windows and UNIX application developers can 
integrate full functionality to manage, control and access 
distributed output resources from applications developed with C, 
C++, PowerBuilder and Dynasty, as well as... 

...environment. DAZEL provides the capabilities to centrally 
manage the six key areas of output management - delivery, 
configuration, accounting and inventory, job and queue, event, and 
privilege - directly from the client/server application. 
By incorporating DAZEL output management capabilities, 
client/server applications will be able to reliably. . . 



